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N+l  Planning  Guide  ■  Wireless  networks,  storage  and  security  are 

among  the  hot  technologies  at  NetWorld+Interop  next  week.  See  our  guide,  mi  y. 
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Novell  vet 
eyes  Web 
services 
challenge 

■  BY  DENI  CONNOR  AND 
JOHN  FONTANA 

DRAPER,  UTAH  —  Novell  co¬ 
founder  Craig  Burton  has  a 
long  memory  when  it  comes  to 
network  issues  —  and  he  sees 
the  problem  of  getting  multi¬ 
vendor  Web  service  applica¬ 
tions  to  work  together  as  one 
that  can  be  solved  with  a 
decades-old  answer. 

Burton,  who  is  credited  with 
creating  file  server  technology 
and  metadirectories,  has  founded 
a  new  company  called  Janus- 
Logix.  It’s  focus  is  on  building  a 
gateway  called  the  JanusLogix 
XML  Environment  (JLXE)  to  solve 
Web  protocol  and  platform  in- 
compatibilities.The  technology 
known  as  redirection  is  key  to 
Burton’s  JLXE  plan.  Novell  used 
the  technique  in  NetWare  as 
early  as  1981  to  implement  its  file 
server  technology  In  a  network,  if 
a  request  for  a  file  can  be  satis¬ 
fied  with  a  response  from  the 
user’s  local  disk.it  is  redirected 
there;  if  the  request  is  for  a  file  or 
application  on  the  network,  the 
network  disk  answers  it. 

Ultimately,  JLXE  is  designed  to 
provide  a  networklike  infra¬ 
structure  for  applications  that 
See  Burton,  page  16 


SEPTEMBER  11:  ONE  YEAR  LATER 


In 


What  has 
changed 

■  BY  JENNIFER  MEARS,  DENI  CONNOR  AND  MICHAEL  MARTIN 


the  year  since  the  terrorist  attacks,  network  executives  have  pragmati¬ 
cally  revisited  their  disaster-recovery  plans  and  core  network  technologies, 
haunted  by  visions  of  last  Sept.  11. 

“I  don’t  think  anybody  viewed  the  world  prior  to  9/11  as  we  do  now,”  says 
Denny  Groh,  acting  associate  commissioner  for  service  delivery  at  the  General 
Services  Administration,  which  delivers  IT  and  telecom  products  and  services  to 
federal  agencies.  “No  one  thought  that  two  buildings  could  bring  that  kind  of 
chaos  economically,  or  technologically,  to  our  country.  We  found  out  differently.” 

“Since  Sept.  1 1  there  is  more  of  a 
focus  on  preparation,”  says  Larry 
Godec,  CIO  at  First  American 
Title  in  Santa  Ana,  Calif.  “There’s 
more  a  sense  of  things  can  hap¬ 
pen.  And  there  is  more  aware¬ 
ness  about  the  importance  of 
business  resumption  and  dis¬ 
aster  recovery.” 

Network  executives  have  begun 
turning  the  trend  toward  con¬ 
solidation  on  its  head 
by  looking  for 
See  9/11, 
page  12 


CATRINA  GENOVESE 


Barry  Grant  CTO  for  Municipal 
Credit  Union,  which  serves 
firefighters,  police  officers 
and  healthcare  workers  in 
New  York,  has  revamped  his 
organization's  disaster- 
recovery  system  in  the  wake 
of  last  September's  attacks. 
His  story  is  on  page  12. 


Gar  makers 
rev  up  new 
e-commerce 
initiatives 


■  BY  ELLEN  MESSMER 

DETROIT  —  When  it  comes  to 
e-commerce,  the  Big  Three  U.S. 
automakers  see  bumps  aplenty 
in  the  coming  months. 

For  starters,  Ford  told  the  audi¬ 
ence  at  the  annual  AutoTech  con¬ 
ference  last  week  that  it  is  tearing 
out  its  decade-old  Ford  Supplier 
Network,  the  proprietary  client/ 
server  application  that  Ford  trad¬ 
ing  partners  have  used  for  pro¬ 
curement  and  finance  purposes. 
The  automaker  will  convert  its 
global  operations  and  trading 
partners  to  a  new  Web-based  ap¬ 
plication  Ford  calls  eVerest. 

Based  on  the  Oracle  1  li  e-com- 
merce  application  suite, eVerest 
will  require  Ford  and  its  suppliers 
—  an  estimated  100,000  users  in 
25  countries  speaking  12  lan¬ 
guages  —  to  go  through  an  ex¬ 
tensive  training  and  registration 
process,  along  with  maintaining 
old  and  new  e-commerce  appli¬ 
cations  during  the  transition. 

For  Ford  and  its  suppliers,  this 
will  be  a  year  of  somewhat  pain¬ 
ful  transition,  says  Sue  Kobet, 
Ford’s  director  of  eVerest  Global 
Purchasing  eBusiness 

“The  eVerest  Supplier  Portal 
will  be  used  for  manufacturing, 
See  AutoTech,  page  16 


We  tested  seven  new  tools  designed  to  detect  denial-of-service  attacks. 
Which  one  is  right  for  your  network? 

Check  out  our  detailed  analysis  of  each  product  on 
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of  the  time.  Page  41. 
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The  patches  just  keep  coming 


WorldCom  execs  face  long  arm  of  the  law 

■  The  muck  keeps  getting  deeper  around  the  WorldCom  situation,  as  a  grand  jury 
indicted  its  former  CFO  on  securities  fraud  and  other  charges  after  an  apparent 
breakdown  in  plea  negotiations.  Scott  Sullivan  is  accused  of  overseeing  a  scheme  to 
conceal  S3. 8  billion  in  company  expenses.The  indictment,  unsealed  in  federal  court 
in  Manhattan,  also  names  Buford  Yates,  WorldCom’s  former  director  of  general  ac¬ 
counting,  along  with  other  accounting  executives,  Betty  Vinson  and  Troy  Normand.as 
unindicted  co-conspirators.  Sullivan  allegedly  instructed  the  executives  to  hide 
WorldCom’s  increasing  expenses  by  improperly  shifting  costs  from  operating  to  cap¬ 
ital  accounts. 

The  indictment  alleges  that  Sullivan,  Yates  and  their  co-conspirators  schemed  to 
artificially  inflate  WorldCom’s  reported  earnings  and  knowingly  violated  generally 
accepted  accounting  principles.  Five  of  the  indictment’s  seven  counts  concern 
WorldCom’s  quarterly  Securities  and  Exchange  Commission  filings  for  all  of  2001 
and  the  first  quarter  of  2002.  According  to  published  reports,  prosecutors  were  seek¬ 
ing  plea  deals  with  Sullivan  and  others  in  hopes  of  building  a  case  against  former 
CEO  Bernard  Ebbers.  Ebbers’  lawyers  have  said  he  had  no  knowledge  of  the 
accounting  decisions  in  question. 


Gall  it  Web  laundry 

■  The  Web  was  meant  for  this.  IBM  and  USA  Technologies  are  developing 
a  system  called  eSuds  that  would  let  college  students  swipe  a  credit  card 
or  punch  a  code  into  their  cell  phones  to  pay  for  washing  or  drying  their 
clothes.  According  to  a  Reuters  story  the  souped-up  washers  and  dryers 
also  would  let  students  check  a  Web  site  for  empty  machines.  From  the 
comfort  of  their  desktop  or  laptop, students  could  add  soap  and  fabric  soft¬ 
ener  that  is  dispensed  by  the  washing  machine. When  the  wash  is  done,  the 
students  could  get  an  e-mail  telling  them  to  come  and  get  it.  IBM  and  USA 
Technologies  said  they  are  connecting  9,000  washing  machines  and  dry¬ 
ers  at  U.S.  colleges  and  universities  to  the  Web  in  an  effort  to  make  doing 
laundry  at  school  less  of  a  hassle.  IBM  will  host  the  eSuds  transaction  data 
and  Web  sites,  and  integrate  the  technology  that  handles  inventory,  pay¬ 
ment  authorization  and  reports.  USA  Technologies  will  provide  the  cash¬ 
less  technology,  which  IBM  developed. 

Security  group  pumps  up  membership 

■  The  Liberty  Alliance  Project  last  week  added  30  members  to  its  effort  to 
create  a  standard  for  online  authentication.The  infusion  of  companies  and 
organizations  adds  first-time  perspectives  from  the  healthcare  and  media 
industries,  and  from  the  consortium  developing  the  next-generation 
Internet.  The  new  members  were  added  a  little  more  than  a  month  after 
the  alliance  released  its  1.0  specification,  which  outlines  a  single  sign-on 
mechanism  for  e-commerce  and  Web  services. The  specification  would  let 
users  authenticate  at  one  network  access  point  and  use  that  identity  to  tra¬ 
verse  other  sites.  This  so-called  federated  identity  management  is  a  key 
sticking  point  in  developing  secure  e-commerce  and  Web  services  for  busi- 
ness-toconsumer  and  business-to-business  interaction.  Sun  started  the 
alliance  a  year  ago  to  counter  Microsoft’s  efforts  to  create  a  similar  authen¬ 
tication  mechanism  with  its  Passport  service.  New  members  include 
Baltimore  Technologies,  Bridgewater  Systems,  ePresence,  Financial 
Services  Technology  Consortium,  Healthcare  Financial  Management 
Association,  Internet2,  Newspaper  Association  of  America, Oblix.Quadrasis 
and  Sprint. 


IPO  madness.  Another  week,  another  ^  '  ^ 

appearance  by  WorldCom  in  The  Good,  The  Bad,  The  Ugly.  Salomon  Smith 
Barney  last  week  said  it  allocated  nearly  1  million  shares  for  hot  IPOs  to 
former  WorldCom  CEO  Bemie  Ebbers  at  the  same  time  the  carrier  was  doing 
millions  of  dollars  in  investment  banking  with  Salomon.  (Salomon  also  allocated 
shares  for  other  WorldCom  and  non-WorldCom  telecom  execs.) 


BRIAN  GAIDRV 


■  A  couple  of  weeks  after  admitting  to  a  flaw  in  the  cryptography 
software  of  its  operating  system,  Microsoft  last  week  said  another 
security  flaw  involving  digital  certificates  exists  in  the  operating 
system.  A  few  weeks  ago  the  problem  was  in  verification  of  digital 
certificates  used  with  Secure  Sockets  Layer  to  protect  communi¬ 
cation  over  the  Internet  using  the  Internet  Explorer  browser. 

The  new  flaw,  deemed  critical  by  Microsoft,  lets  hackers  delete 
digital  certificates  used  to  encrypt  data  in  many  programs,  in¬ 
cluding  e-mail.  Just  like  the  SSL  flaw,  the  new  vulnera¬ 
bility  is  found  in  Windows  NT,  98,  98  Second  Edition, 

ME,  2000  and  XPThe  vulnerabilities  are  just  two  in  a 
string  of  security  flaws  that  have  been  discovered  in  the  c_;;> 
past  month. 


Caldera  thinks  Unix 

■  Two  years  after  buying  the  Unix  software  and  services  divisions  of  the  former  Santa 
Cruz  Operation,  Linux  and  Unix  vendor  Caldera  last  week  said  it  would  be  changing 
its  name  to  The  SCO  Group  and  re-establishing  its  Unix  work.The  move  is  being  made 
in  part  to  take  advantage  of  the  strong  brand  recognition  still  associated  with  the  old 
SCO  nameplate.  After  the  acquisition  of  the  two  SCO  business  units  in  late  2000, 
Caldera  fell  down  in  the  Linux  and  Unix  arenas.“Caldera  was  always  known  as  a  Linux 
company;  The  SCO  Group  came  from  the  Unix  camp,”  says  Dari  McBride,  CEO  of  The 
SCO  Group.“The  pendulum  swung  too  far  on  the  Linux  side.  We’re  just  trying  to  get  a 
happy  medium.” 


TheGoodTheBadTheUgly 


A  reason  to  cheer.  Hewlett-Packard 
CEO  Cariy  Fiorina,  during  a  press  conference 
last  week  about  the  first  quarter  of 
combined  financial  results  for  HP  and 
Compaq,  said  things  are  going  according 
to  plan,  despite  a  9%  dropoff  in  revenui 
and  $2  billion  in  losses.  “The 
good  news  frankly  is  that 
there  have  not  been  many 
surprises  [with  the  merger],” 
she  said.  “We  are  executing 
in  a  workman-like  and 
disciplined  way.”  (See  story,  page 
10,  for  more  details.)  > 

Nortel  shrinking  again.  Die 

network  equipment  company  warned  last  week  that 
its  third-quarter  revenue  will  fall  by  as  much  as  10%  from 
the  $2.77  billion  it  generated  in  the  second  quarter  because 
of  weak  demand  by  U.S.  carriers.  Just  last  month,  Nortel  said 
revenue  would  remain  flat.  The  upshot  for  Nortel  employees?  Seven 
thousand  more  will  be  laid  off  by  the  end  of  September,  reducing 
the  company's  total  by  a  sixth,  down  to  35,000  employees 


know. 


Out  of  the  office  used  to  mean  being  out  of  touch.  Now  there's 
BlackBerry,™  the  wireless  enterprise  solution  that  keeps  your 
team  connected  to  people  and  information  while  on  the  go.  BlackBerry  is 
designed  specifically  for  the  enterprise,  with  impressive  ROI  potential.  With 
BlackBerry  Enterprise  Server  software,  IT  benefits  from  centralized  management 


The  BlackBerry 
enterprise  solution  includes: 

>  advanced  wireless  handhelds  with  optional 
data  and  phone  services* 

>  software  that  integrates  seamlessly  with 
Microsoft®  Exchange  and  Lotus®  Domino'" 

>  a  powerful  platform  based  on  open  standards 
»  end-to-end  security  with  Triple  DES  encryption 


and  control.  Mobile  users  stay  connected  and  productive.  For  those  in  the 
know,  BlackBerry  has  become  the  corporate  standard  for  wireless  connectivity. 

"Check  with  your  service  provider  for  availability.  *2002  Research  In  Motion  Limited  (RIM).  All  rights  reserved  BlackBerry  is  an  end-to-end  wireless 
solution  developed  by  RIM.  BlackBerry,  the  BlackBerry  logo,  the  "envelope  in  motion"  symbol,  RIM,  the  RIM  Wireless  Handheld  family  of  marks 
and  the  RIM  logo  are  trademarks  or  registered  trademarks  of  RIM  All  other  trademarks  are  the  properties  of  their  respective  owners. 
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Infonet,  Genuity  push  VPN  service  quality 


■  BY  TIM  GREENE 

Users  demanding  quality  of  ser¬ 
vice  over  their  managed  IP  VPNs 
soon  will  have  two  more  service 
options  to  consider  from  Infonet 
and  Genuity 

The  two  companies  later  this 
month  will  separately  introduce 
class-of-service  options  to  their 
network-based  IP  VPN  services 
that  can  be  attractive  to  users  be¬ 
cause  they  lift  the  burden  of 
installation  and  management  of 
the  WAN  from  network  execu¬ 
tives.  Class-of-service  options  en¬ 
able  prioritization  of  traffic  so 
delay-sensitive  traffic  gets  through 
congested  areas  first. 

Infonet  and  Genuity  both  serve 
customers  internationally,  with 
Genuity  having  a  stronger  U.S. 
network  presence  and  Infonet 
stronger  in  other  countries.  Other 


Managed 

VPN  options 

Some  providers  offer  VPNs 
based  on  MPLS  while 
others  add  encryption 
using  IPSec. 


Company 

MPLS 

IPSec 

Both 

AT&T 

X 

Equant 

X 

Genuity 

X 

Infonet 

X 

WorldCom 

X 

providers  of  IP  VPNs,  such  as 
AT&T,  Broadwing,  Equant  and 
Sawis  Communications,  offer 
classes  of  service  using  a  variety 
of  technologies,  says  Steve  Har¬ 
ris,  an  analyst  with  IDC.  For  some 


customers,  these  classes  of  ser¬ 
vice  are  critical. 

“If  you  want  to  run  voice  or 
video  over  your  network,  you 
want  classes  of  service,”  he  says, 
because  that  traffic  cannot  toler¬ 
ate  delay  and  jitter. 

How  many  classes  of  service  a 
company  needs  depends  on  its 
size.  Only  the  largest  businesses 
need  more  than  two,  Harris  says. 
“It’s  too  cumbersome.  With  small¬ 
er  IT  staffs,  most  of  the  companies 
I’m  talking  to  barely  have  time  to 
check  their  firewall  logs,”  he  says. 
The  largest  companies  with 
healthy  staffs  with  time  to  analyze 
their  traffic  flows  can  benefit  from 
the  various  prices  available  for  the 
service  classes,  he  says. 

Infonet  services 

Infonet  next  week  is  introduc¬ 
ing  IP  VPN  Secure,  which  is  built 


Opsware  automates  network  mgmt. 


■  BY  DENISE  DUBIE 

SUNNYVALE,  CALIF—  Opsware 
this  week  will  introduce  software 
that  could  make  it  easier  for  com¬ 
panies  to  configure  networks  and 
servers  across  data  centers. 

The  company  which  changed  its 
name  from  Loudcloud  earlier  this 
year,  says  its  Multimaster  Service 
Automation  Module  (SAM)  can 
save  companies  a  lot  of  time  set¬ 
ting  up  new  data  centers  and  re¬ 
covering  downed  ones.  For  exam¬ 
ple,  it  says  the  software  can  slash 
the  time  it  takes  to  upgrade  60 
servers’  operating  systems  from 
four  weeks  to  just  three  days. 

The  software  is  an  add-on  to  the 
company’s  System  3  IT  automa¬ 
tion  platform.  It  uses  rules  and 
policies  running  on  that  platform 


and  its  agents  to  collect  in¬ 
formation  about  server,  network 
and  application  configurations. 
That  information  can  be  used  to 
configure  and  upgrade  systems  in 
new  or  existing  data  centers. 

“The  Multimaster  SAM  is  an 
absolute  must  for  us  in  terms  of 
maintaining  our  facilities  across 
multiple  geographical  locations,” 
says  Steve  Lapekas,  global  ser¬ 
vices  executive  for  Web  hosting  at 
Electronic  Data  Systems  (EDS). 
“Opsware  is  automating  IT  tasks 
that  normally  take  a  lot  of  people 
power.  It’s  bringing  in  scale  and 
standards  to  large  data  centers, 
which  ups  efficiency  and  quality’ 

EDS  bought  Loudcloud’s  man¬ 
aged  services  division  in  June  for 
$63.5  million  and  has  since 
signed  a  deal  with  Opsware  for 


$52  million  to  license  its  software 
over  the  next  three  years. 

While  Opsware  gained  opera¬ 
tional  experience  using  its  soft¬ 
ware  through  Loudcloud’s  service 
offerings,  the  company  will  com¬ 
pete  as  an  independent  software 
vendor  from  companies  such  as 
CenterRun  and  Jareva. 

This  is  a  software  category  that 
has  a  chance  to  fare  well,  even 
during  a  tight  economy,  says  Bill 
Mattorelli.a  vice  president  at  con¬ 
sulting  firm  Hurwitz  Group.  Cus¬ 
tomers  looking  to  consolidate 
data  centers  and  Web  sites  might 
find  IT  automation  software  at¬ 
tractive,  he  says. 

“Sales  are  slow  for  all  software 
now,  but  this  is  the  kind  of  soft¬ 
ware  that  can  make  a  significant 
impact  on  operational  expenses 
for  large  enterprises,”  he  says. 

In  addition  to  the  Multimaster 
SAM,  Opsware  offers  modules 
that  handle  infrastructure  provi¬ 
sioning,  application  distribution, 
server  security  management 
along  with  auditing  and  track- 
ing.The  company  offers  67  other 
modules  that  are  product  spec¬ 
ific,  such  as  for  BEA  Systems’ 
WebLogic  application  servers 
and  Oracle  databases. 

System  3  costs  $250,000  to  $3 
million,  depending  on  the  num¬ 
ber  of  servers  and  data  centers, 
and  the  number  of  modules  be¬ 
ing  used. 

Opsware:  www.opsware.com 


'  -  v,  v  ? 

Is  your  company’s  workforce  scattering  to  the  four 
winds?  Net.Worker  gives  you  the  tips,  tools  and  insight 
you  need  to  rise  to  the  challenge  and  keep  remote 
workers  up  and  running. 

log  on  to  www.nwfusion.com/net.worker/ 

■  j  www.nwfusion.com/net.worker/ 


on  the  company’s  existing  Multi¬ 
protocol  Label  Switching  (MPLS)- 
based  VPN  service  that  runs  over 
a  network  of  Cisco  switches  and 
routers.  The  service  also  includes 
customer-site  routers  that  Infonet 
manages.  MPLS  services  have 
been  popular  with  users  because 
they  let  existing  frame  relay  or 
ATM  customers  move  from  a 
point-to-point  network  architec¬ 
ture  to  a  fully  meshed  architec¬ 
ture  without  the  added  costs. 
Traditionally  users  were  required 
to  buy  dedicated  links  to  set  up  a 
meshed  network,  but  MPLS  lets 
users  establish  connectionless  IP 
networks  over  the  same  frame 
infrastructure. 

Infonet  offers  four  classes  of  ser¬ 
vice  called,  from  top  to  bottom, 
IP/RealTirne,  IP/Interactive,  IP/ 
LAN2LAN  and  IP/ Access.  These 
classes  are  established  by  mark¬ 
ing  packets  using  Differentiated 
Services  (Diff-Serv)  technology. 
Diff-Serv  is  an  Internet  Engin¬ 
eering  Task  Force-proposed  stan¬ 
dard  that  defines  how  to  establish 
various  service  levels  over  a  net. 

IP/RealTime  is  meant  for  voice 
and  video  traffic;  IP/lnteractive  is 
for  demanding,  critical  applica¬ 
tions  such  as  CRM  and  enterprise 
resource  planning;  IP/LAN2LAN 
is  for  less-delay-sensitive  applica¬ 
tions;  and  IP/Access  is  for  file 
transfers,  e-mail,  Web  browsing 
and  other  noncritical  traffic. 

These  four  classes  of  service  are 
offered  in  six  packages  that  have 
varying  mixes  of  service  qualities. 
One  package  offers  performance 
and  price  on  a  par  with  frame 
relay,  two  are  less  expensive,  and 
three  are  more  expensive  but 
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■  THIS  WEEK’S  QUESTION: 

Which  company  is 
acquiring  a  start-up 
called  Andiamo  to  boost 
its  storage  networks 
portfolio? 


Answer  this  and  nine  addnional  questions 
online  and  you  could  wm  $500!  Visit 


Network  Werid  Fusioe  and  enter  2349 
in  the  Search  ^ox. 

www.nwfusion.com 


more  responsive. 

The  service  is  available  through 
67  points  of  presence  in  the  U.S. 
and  77  POPs  in  52  other  coun¬ 
tries.  The  company  would  not 
reveal  pricing. 

Also  by  year-end,  Infonet  will 
offer  a  managed  voice  service 
over  the  MPLS  VPN  network  and 
early  next  year  will  expand  that  to 
include  a  managed  multimedia 
service.  Customers  could  run 
voice  and  video  over  the  network 
today  but  would  have  to  manage 
the  voice  and  video  themselves. 

Meanwhile,  Genuity  later  this 
month  will  announce  four  ser¬ 
vice  classes  for  its  Internet  Ad¬ 
vantage  Internet  Access  service. 
Until  now,  the  provider  offered 
only  two  classes  —  one  that  sup¬ 
ports  voice  and  video,  and  one 
for  all  other  types  of  traffic.  The 
company  is  adding  two  interme¬ 
diate  service  classes,  one  for 
demanding  data  traffic  and  one 
for  applications  on  which  cus¬ 
tomers  set  business  value  but  that 
are  not  as  demanding. 

Providers  rely  on  different  tech¬ 
nologies  for  classes  of  services. 
Infonet  and  Genuity  use  Diff-Serv 
to  mark  packets  for  priority  but 
carry  those  packets  over  different 
backbones.  Infonet  uses  a  core 
network  based  on  MPLS,  and 
Genuity  uses  one  based  on  IP 
over  SONET. 

Andrew  Ward,  Genuity’s  product 
development  manager,  says  run¬ 
ning  IP  directly  on  SONET  gives 
Genuity  sufficient  control  over  the 
traffic  to  impose  service  qualities. 

Infonet  and  other  carriers  such 
as  AT&T  use  MPLS  routers  con¬ 
nected  by  ATM  trunks  to  link  the 
Layer  3  IP  customer  traffic  to  the 
Layer  2. 

AT&T  uses  a  similar  arrange¬ 
ment  for  its  IP-enabled  frame 
relay  and  contends  this  architec¬ 
ture  provides  Layer  2  security  for 
the  IP  traffic,  according  to  Tim 
Halpin,  AT&T’s  national  frame 
relay  product  manager. 

Others,  including  Ward,  say  the 
only  way  to  ensure  security  is  to 
use  authentication  and  encryp¬ 
tion  at  either  end  of  each  con¬ 
nection.  The  company  plans  to 
announce  price  and  availability 
at  the  end  of  the  month.  ■ 
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So  many  network  applications. 
So  little  throughput. 

It’s  time  for  Gigabit  to  the  desktop. 


The  surge  in  network  applications  has  caused  bottlenecks  on  desktops  everywhere.  The  solution?  Help  your 
organization  tackle  all  those  network  backups,  remote  software  distributions  and  massive  file  downloads  by 
providing  an  equally  massive  increase  in  throughput.  With  the  Intel®  PRO/IOOO  MT  Desktop  Connection, 
you’ll  benefit  from  10  times  the  throughput.  Other  advantages:  a  Gigabit  connection  works  on  an  existing 
10/100  Mbps  Cat-5  network,  and  will  seamlessly  ramp  up  to  1000  Mbps.  When  this  Gigabit  connection 
is  combined  with  the  Intel®  Pentium®  4  processor,  studies  have  demonstrated  a  significant  boost  in  desktop 
performance.  Intel,  the  leader  in  desktop  connections,  makes  multi-tasking  less  of  a  task  —  cost-effectively 
and  without  any  need  for  expensive  rewiring.  Intel®  PRO  Network  Connections.  The  intelligent  way  to  connect. 


For  a  trial  kit,  product  and  test  information:  www.intel.com/go/desktopgig 
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Sisco,  Symbol  upgrade  wireless  wares 


■  BY  JOHN  COX 

Cisco  and  Symbol  Technol¬ 
ogies,  two  of  the  leading  makers 
of  wireless  LAN  products,  sepa¬ 
rately  will  roll  out  equipment  this 
week  that  takes  the  technology  to 
a  new  level. 

Cisco  will  begin  shipping  54M 
bit/sec  products  based  on  the 
802.11a  standard  and  its  own  5- 
GHz  Radiata  chipset.  Symbol  will 
introduce  Level  3  and  4  switching 
features  into  a  box  designed  to 
give  network  managers  more  con¬ 
trol  over  wireless  LAN  packets. 

Some  Cisco  rivals  began  ship¬ 
ping  802.1  la-based  wireless  LAN 
access  points  and  network  inter¬ 
face  cards  (NIC)  based  on  the 
Atheros  chipset  about  10  months 
ago.  Given  Cisco’s  standing  as  the 
dominant  network  equipment 
vendor,  its  entry  into  the  802.11a 
market  is  expected  to  boost  sales 
of  the  technology 

Cisco’s  Aironet  wireless  LAN 
business  is  consistently  ranked  as 
the  No.  1  or  No.  2  brand  in  the 
enterprise  market  for  802.11b 
wireless  LANs,  which  run  at  11M 
bit/sec. 

The  new  802.1  la  Aironet  prod¬ 
ucts  includes  a  module  that  plugs 
into  the  second  slot  of  the  exist¬ 
ing  Aironet  1200  access  point, cre¬ 
ating  a  “dual-band”  access  point 
that  can  handle  802.11b  and 

802.1  la  users. Cisco  also  is  releas¬ 


ing  a  CardBus  NIC,  which  will  let 
any  32-bit  client  device  with  a  slot 
for  the  credit  card-sized  NIC 
make  a  wireless  net  connection. 

The  Aironet  1200,  sold  as  an 
802.11b  access  point,  lists  for 
about  $1,000  and  costs  about 
$1,350  when  sold  with  an 

802.1  la  interface. Fitted  with  one 
802.11a  and  one  802.11b  card, 
the  price  is  $1,500.  The  CardBus 
NIC  costs  $230. 

Switched  on 

Symbol’s  switched  wireless 
Axon  product  will  have  a  chance 
to  shine  from  the  start,  because  it 
is  being  deployed  as  part  of  the 
NetWorld+Interop  show  network 
next  week  in  Atlanta.  In  effect, 
Symbol  has  streamlined  its  ac¬ 
cess  point  product,  reducing  it  to 
what  executives  call  a  wireless 
access  port,  which  is  scarcely 
more  than  a  compact  802. 1 1  b  (or 
in  future  802.11a)  radio  (see 
graphic). 

End  users  with  a  wireless  LAN 
card  fitted  into  a  laptop  or  hand¬ 
held  device  connect  via  radio  to 
the  Axon  access  port,  which  is 
linked  via  wire  to  a  standard 
Ethernet  switch.  A  separate  Axon 
device,  called  the  wireless  switch, 
plugs  into  the  Ethernet  switch. 
The  wireless  switch  has  software 
to  support  Level  2,3  and  4  switch¬ 
ing  features  and  apply  these  to 
the  wireless  packets,  which  are 


Switched  wireless  LANs 

Symbol’s  simplified  wireless  access  ports  link  to  a  standard 
Ethernet  switch.  A  separate  Symbol  wireless  switch 
processes  packets,  applies  security  and  class-of-service 
policies,  manages  and  configures  the  access  ports. 


Symbol's  Axon  wireless  LAN  switch: 

•  Layer  2,3,4  switch 

•  configuration  management 

•  security 


Laptops  with  802.11b 
interface  cards 


802.11b  wireless  LAN 
link 


Ethernet  switch 


then  passed  back  to  the  wired 
corporate  LAN. 

The  result:  Among  other  things, 
network  managers  can,  allocate 
bandwidth,  create  classes  of  ser¬ 
vice  and  set  security  features, 
based  on  groups  of  users  or  on 
the  type  of  application. 

Technically,  Symbol  executives 
say,  the  radio  connection  between 
the  client  device  and  the  Axon 
access  port  remains  a  shared 
medium:  In  practice, all  users  con¬ 
necting  to  a  given  access  port 
have  to  split  up  either  about  5M  to 
7M  bit/sec  for  802.11b  or  17M  to 
22M  bit/sec  for  802.1  la. 


‘New’  HP  posts  mixed  results 


The  802.11b  access  port  has  a 
list  price  of  $250.  The  wireless 
switch’s  price  varies  with  the 
number  of  ports:  $2,900  for  six 
ports,  $3,720  for  12, and  $5,370  for 
24. Symbol  executives  say  compa¬ 
nies  will  pay  less  overall  for  an 
Axon  deployment  because  of  the 
comparative  low  cost  of  the  wire¬ 
less  access  ports. 

Other  vendors  have  adopted  a 
similar  approach  to  wireless 
LANs.  Proxim  has  an  access  point 
controller  for  centrally  managing 
big  wireless  LAN  deployments. 
Bluesocket  has  a  line  of  what  it 
terms  wireless  gateways  that  offer 
management  and  security  fea¬ 
tures,  including  class  of  service,  for 
large  numbers  of  wireless  users. 

More  on  the  way 


■  BY  DENI  CONNOR 

PALO  ALTO  —  Hewlett-Packard  watchers  were 
unfazed  last  week  by  the  company’s  posting  of  a  $2 
billion  quarterly  loss  in  what  was  its  first  financial 
report  to  include  results  from  the  recently  acquired 
Compaq.  Eyebrows  were  raised,  however,  by  a  slip¬ 
page  in  revenue  attributable  in  part  to  sluggish 
enterprise  computing  sales. 

HP’s  loss  was  largely  the  result  of  nonrecurring 
merger-related  charges.  Without  those  charges,  the 
company  would  have  turned  a  profit  of  $420  mil¬ 
lion  for  its  fiscal  third  quarter,  ended  July  31,  vs.  a 
profit  of  $320  million  in  the  comparable  quarter 
last  year. 

"The  reported  operating  loss  included  what  might 
be  considered  to  be  somewhat  one-timish  ele¬ 
ments,  including  obsolescence  charges  for  HP 
Netservers,  which  are  earmarked  for  end  of  life,” 
says  Richard  Shu,  managing  director  for  brokerage 
firm  SG  Cowen. 

Analysts  say  the  after-charges  profit  was  actually  a 
sign  that  HP  might  be  starting  to  realize  some  of  the 


cost-cutting  benefits  it  said  would  result  from  the 
merger  during  the  takeover  that  lasted  from  last  fall 
to  this  May. Operating  expenses  were  down  10%  year 
over  year,  and  HP  says  it  is  on  track  to  achieve  cost 
savings  of  $2.5  billion  by  the  end  of  next  year. 

But  analysts  were  discouraged  by  the  drop  in  rev¬ 
enue  from  $18.6  billion  in  last  year’s  fiscal  third  quar¬ 
ter  to  $16.5  billion  in  the  most  recent  quarter.  HP 
blames  the  decrease  on  the  weak  economy  and 
cites  particular  weakness  in  its  enterprise  servers, 
storage  and  management  software.  Combined,  HP 
and  Compaq  revenue  fell  22%  in  these  areas  from  a 
year  ago  to  $3.8  billion,  from  $4.8  billion.  Price  pres¬ 
sure  in  the  RISC  and  Intel  server  markets, and  in  stor¬ 
age,  took  its  toll  on  HP’s  numbers,  according  to  a 
research  note  issued  by  Steve  Milunovich,  a  vice 
president  at  Merrill  Lynch. 

Gartner  last  week  released  a  survey  that  showed 
overall  server  sales  slipping,  and  HP  and  Compaq 
getting  hit  hard.  HP’s  server  revenue  fell  21.3%  and 
Compaq’s  fell  21.8%  year  over  year,  and  the  com¬ 
panies  lost  market  share  as  well.  IBM  and  Sun 
gained  share.  ■ 


The  Cisco  and  Symbol  an¬ 
nouncements  are  only  the  latest 
of  what’s  expected  to  be  a  flurry 
of  wireless  LAN  advances  over 
the  next  few  months. 

Later  this  fall,  network  execu¬ 
tives  can  expect  to  see  so-called 
combo-cards,  wireless  client 
cards  that  can  attach  to  an 
802.11b  or  802.11a  wireless  LAN. 
A  key  requirement  will  be  soft¬ 
ware  that  will  handle  this  sensing 
and  connecting,  with  almost  no 
effort  needed  by  end  users. 

Also  expected  are  wireless  LAN 
roaming  agreements  and  cus¬ 
tomer  information  systems  that 
let  mobile  workers  use  whatever 
wireless  service  provider  is  near¬ 
est,  while  the  back-end  billing 
is  coordinated  through  their 
“home”  providers. 

By  year-end,  products  based  on 
new  802.1  la  chipsets  will  start  to 


roll  out,  giving  network  execu¬ 
tives  more  choices  and  probably 
leading  to  lower  prices. 

Yet  another  wireless  LAN 
option  will  emerge  by  year-end: 
the  first  implementations  of  the 
IEEE  802. 1  lg  specification,  which 
will  boost  the  data  rate  in  the  2.4- 
GHz  band,  today  used  by 

802.1  lb, up  to  54M  bit/sec. 

Cisco  is  working  with  chip 
maker  Intersil  on  a  joint  refer¬ 
ence  design  for  a  wireless  chip  to 
support  802.1  lg  and  the  others. 

One  drawback  is  that  802.1  lg, 
like  802. 1 1  b,  has  only  three  chan¬ 
nels,  whereas  802.11a  supports 
eight,  allowing  far  more  users  on 
each  access  point.  Cisco  plans  to 
have  an  802.1  lg  module  that  can 
be  plugged  into  the  1200  chassis. 

Vendors  haven’t  announced 
pricing  for  the  802.1  lg  products. 

Later  this  year  or  early  next  year, 
vendors  might  introduce  some 
security  improvements  in  the  pro¬ 
posed  IEEE  802.1  li  specification. 
The  IEEE  is  expected  to  approve 

802.1  li  late  this  year  or  in  the  first 
half  of  next  year. 

Stronger  wired  equivalent  priv¬ 
acy  encryption  and  other  media- 
access-control  layer  features  of 
802. Hi,  can  be  adopted  by  up¬ 
dating  wireless  LAN  firmware. 
Other  features, such  as  support  for 
the  powerful  Advanced  Encryp¬ 
tion  Standard,  will  require  new 
co-processing  hardware.  ■ 


Corrections 


IB  The  story  “Progress  at  a 
price”  (Aug.  26,  page  48)  said 
that  Nortel  Networks  Split 
Multilink  Trunking,  operating  on 
a  Passport  8600  tested,  was 
unable  to  communicate  with  the 
full  range  of  devices  tested. 
Nortel’s  Split  MLT  was  never 
tested;  the  Passport  8600  sup¬ 
ported  the  Spanning  Tree 

I  Algorithm  during  the  interoper¬ 
ability  tests. 

B  In  the  story  “Yipes  co- 
founder  giving  metro  Ethernet 
another  whirl"  (Aug.  26,  page 
8),  the  description  of  bandwidth 
|  increments  available  should  have 
>  stated  that  bandwidth  can  be 
<  ordered  in  1M  bit/sec  incre- 
'/  ments,  ranging  from  1M  to  1G 
bit/sec. 


total  document  solutions 
for  business 


One  company  provides  solutions  for  virtually 
every  imaging  need.  Like  network  copiers  that 
scan  directly  to  email  or  fax.  And  document 
systems  that  enable  you  to  create,  store  and 
print  forms  on  demand.  One  company  gives 
you  color  for  about  the  cost  of  black  &  white. 
And  enables  you  to  manage  all  connected 
printers  and  copiers  from  a  single  site. 

One  company.  Kyocera  Mita. 

Call  1-800-222-6482  for  a  dealer  near  you. 
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total  document  solutions 
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KYOCERA  MITA  AMERICA 
www.kyoceramita.com 
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Credit  union  rethinks 
disaster  recover 


Municipal  Credit  Union  is  one  of  many  organiza¬ 
tions  that  has  found  it  much  easier  to  justify  imple¬ 
menting  an  improved  business-continuity  program 
in  the  past  year. 

"We  didn't  have  any  trouble  getting  money  after 
Sept.  11,”  says  Barry  Grant,  CTO  for  the  $918  mil¬ 
lion  outfit,  which  provides  financial  services  to 
300,000  of  New  York’s  firemen,  police  officers  and 
healthcare  workers. 

Before  Sept.  11.  Municipal  Credit  Union  relied  on 
tapes  to  protect  its  business;  Grant  had  planned  to 
deploy  a  snapshot  back-up  system  to  take  images 
of  the  system  at  scheduled  times.  But  in  the  wake 
of  the  attacks,  his  plans  changed  dramatically. 

“We  were  addressing  what  we  thought  were  flaws 
in  the  plan  before  Sept.  11,"  Grant  says.  “The 
thought  was  that  if  it  took  a  couple  of  days  to 
recover,  it  wasn't  that  critical  a  situation  —  we 
could  work  offline.” 

After  being  forced  out  of  its  building,  the  credit 
union  worked  offline.  Grant  recovered  the  back-up 
tapes  from  the  dust  and  debris  that  littered  the 
company's  headquarters,  located  across  the  street 
from  Ground  Zero.  The  company  logged  transac¬ 
tions  on  paper  until  Grant  brought  the  company's 
network  back  online  a  week  later. 

Since  then,  Grant  has  connected  two  SAN  Valley 
SL1000  IP-SAN  bridges  to  Municipal  Credit  Union's 
HP  StorageWorks  EMA  12000  storage  arrays, 
which  replicate  data  in  real  time  between  storage- 
area  networks  in  New  York  and  New  Jersey. 

“Business  continuity  is  now  an  integral  part  of 
our  operations,"  Grant  says.  “When  we  are  asked 
about  bringing  up  new  applications,  part  of  it  is: 

How  do  we  recover  from  a  failure?" 

—  Deni  Connor 
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ways  to  spread  out  critical  data,  IT  systems  and  employ¬ 
ees.  Other  changes:  Businesses  that  turned  to  videocon¬ 
ferencing  to  reduce  corporate  travel  after  the  attacks 
seem  to  have  stuck  with  it;  others  have  bought  into 
voice  over  IP  as  being  more  resilient  than  traditional 
telephony. 

At  the  same  time,  the  country’s  major  carriers  have 
been  reassessing  their  networks  and  stretching  to  meet 
the  changing  demands  of  their  corporate  customers. 


Backing  up  business 

Dave  Purdy,  director  of  business  continuity  at  storage 
vendor  EMC,  says  his  company  has  seen  a  change  in  the 
way  companies  look  at  business  continuity 

“Even  customers  that  thought  they  were  doing  things 
well  are  revisiting  their  assumptions,”  he  says.“Feople  his¬ 
torically  would  attempt  to  identify  the  risk  areas  —  fire, 
earthquake,  power  outage.  Sept.  1 1  ingrained  in  people: 
‘Don’t  try  to  plan  for  a  particular  type  of  outage.  Plan  for 
the  impact  of  the  outage.’  It’s  a  different  mindset.” 

Rich  Arenaro,  corporate  vice  president  and  general 
manager  of  Windows  and  Unix  systems  at  Commerz¬ 
bank  in  New  York  City,  agrees.  Commerzbank,  located  in 
2  World  Financial  Center,  is  across  the  street  from  where 
the  towers  stood.  Commerzbank  uses  EMC’s  Symmetrix 
Remote  Data  Facility  (SRDF)  software  to  replicate  data 
from  one  storage-area  network  in  the  city  to  another  in 
Rye,  N.Y.,  about  30  miles  away. The  company  had  com¬ 
pleted  the  bulk  of  the  project  just  prior  to  Sept.  1 1  and 
got  most  of  its  critical  systems  back  online  within  four 
hours  after  the  attacks. 

Even  so,  Arenaro  says  since  Sept.  1 1  there  has  been  a 


greater  focus  on  ensuring  not  only  that  data  will  be  pro¬ 
tected  but  also  that  business  will  be  able  to  continue 
when  disaster  strikes. 

“Our  strategy  had  been  based  on  a  false  one-to-one 
ratio  of  technology,  meaning  if  I  buy  a  server  here  and 
one  for  Rye,  I’m  protected,”  Arenaro  says. “The  reality  is 
when  you  are  faced  with  that  situation,  having  hardware 
really  is  the  least  of  your  worries.  It’s  really  having  your 
data  and  your  systems  available  and  ready  to  use." 

Enabling  business  to  continue  immediately  was  not 
the  focus  for  law  firm  Harris  Beach  LLPwhich  had  an 
office  on  the  85th  floor  of  World  Trade  Center  Tower  2. 
The  firm  lost  six  employees,  its  office  and  its  files  during 
the  attacks  (see  story  “Law  firm  revamps  after  attacks,” 
page  13). 

“As  a  law  firm,  if  we  suffer  a  cataclysmic  disaster,  we 
don’t  need  to  be  up  in  an  hourf  says  Alan  Winchester,  a 
technology  partner  at  the  firm. “People  aren’t  ready  to 
work  in  a  day  or  two. . .  .The  only  thing  you  want  to  get 
going  quickly  is  your  e-mail  and  telephone  [so  people 
can  stay  connected].” 

Harris  Beach  also  went  to  work  installing  a  system  to 
scan  all  incoming  documents  and  turn  them  into  digital 
files  it  stores  at  local  offices  and  at  headquarters  in 
Rochester,  N.YThe  firm  had  considered  a  paperless  sys¬ 
tem  before  the  attacks,  he  says,  but  the  project  never  got 
going  because  of  the  time  and  energy  associated  with 
scanning  every  document. 

While  each  business  must  determine  for  itself  what 
degree  of  business  continuity  and  disaster  recovery  is 
necessary  some  network  executives  say  that  getting  the 
financial  go-ahead  to  fund  such  projects  has  gotten 
much  easier  since  Sept.  1 1. This  despite  an  economy 
that  1DC  says  has  let  IT  spending  this  year  sneak  up  just 
3%  to  $4Mj 
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“What  Sept.  1 1  did  was  open  the  eyes  of  executives  and 
make  it  easier  for  me  to  justify  security  perimeters  and 
projects,”  First  American  Title’s  Godec  says.  Godec  is  over¬ 
seeing  a  revamp  of  his  company’s  network  to  support  an 
enterprisewide  IP-based  application  and  a  new  redun¬ 
dant  site  in  Dallas.“It  really  made  it  easier  to  push  a  lot  of 
the  initiatives  that  were  already  on  the  table,”  he  says. 

A  job  for  new  technologies 

While  disaster  recovery  and  business  continuity  may 
have  received  the  bulk  of  post-Sept.  1 1  attention,  there 
are  many  creative  initiatives  under  way  at  companies 
that  have  turned  to  technologies  that  were  little  used 
before  the  attacks. 

At  chemicals  and  materials  company  Grace  in 
Columbia,  Md.,  CEO  Paul  Norris  clamped  down  on  cor¬ 
porate  travel  following  the  attacks.  As  a  result,  employees 
who  are  spread  out  in  offices  in  the  U.S.,  South  America, 
Asia  and  Europe  were  forced  to  make  use  of  the  com¬ 
pany’s  Fblycom  Web  conferencing  software. 

While  the  technology  had  been  available  to  employees 
for  about  four  years,  its  use  since  Sept.  1 1  has  spiked.  Just 
this  July,  the  company  held  42  meetings  via  the  Web, 
avoiding  international  travel  to  meetings  that  could  have 
cost  as  much  as  $40,000  apiece.  Guy  Welty,  manager  of 
global  media  networks  and  collaborative  services  for 
Grace,  says  videoconferencing  is  expected  to  save  the 
company  more  than  $1.2  million  in  the  corporate  head¬ 
quarters  alone  this  year. 

Another  technology  that  is  getting  more  attention  is 
VoIPAt  the  Benjamin  School,  K-12  private  school  in 
North  Palm  Beach,  Fla.,  with  about  25  buildings  on  a 
campus  about  the  size  of  a  city  block,  a  new  VoIP  system 
was  installed  in  the  wake  of  Sept.  11. 

While  the  school  was  not  directly  affected  by  the 


events  in  New  York  and  Washington,  D.C.,  it  found  its 
phone  lines  down  because  of  a  lightning  strike  with  no 
way  for  parents  to  reach  their  children  on  the  day  of  the 
attacks.  With  3Com’s  VoIP  system  that  was  installed  in 
February,  the  school  has  put  phones  in  each  classroom 
and  has  updated  its  disaster  plan. 

“We  now  have  a  mass  communications  system  where 
we  can  page  all  the  phones  simultaneously,  as  well  as 
the  outside  horns  and  inside  speakers,” says  Dustin 
Durbin,  technology  coordinator  at  the  school. “We 
haven’t  had  any  issues  since  we  installed  the  system, 
which  runs  over  a  managed  network  rather  than  over  a 
bunch  of  analog  cables  in  the  ground.” 

Security  is  another  hot  topic,  especially  because  the 
focus  now  is  on  geographically  distributed  network  stor¬ 
age  and  data  replication. 

“People  will  be  moving  to  online  backup  and  mirroring 
over  a  broad  geographic  area.That  means  information 
will  have  to  traverse  electronic  networks,  and  that’s  an 
unsafe  environment,” says  Bill  Crowell,  CEO  of  security 
firm  Cylink.and  formerly  of  the  National  Security 
Agency  where  he  oversaw  information  security  systems 
development  and  the  agency’s  operational  intelligence 
mission.“Security  comes  to  the  fore.” 

Newmont  Mining  in  Denver,  with  offices  worldwide, 
was  already  looking  at  ways  to  better  protect  its  network 
before  Sept.  1 1 . 

“What  Sept.  1 1  did  was  reinforce  that  security  had  to 
become  more  of  a  key  piece  of  what  we  do  rather  than 
something  done  on  the  side,”  says  Dan  Kesl,  manager  of 
information  security.The  security  of  our  information 
and  our  employees  around  the  world  is  a  high  priority’ 

Because  Kesl  wanted  round-the-clock  monitoring  of 
firewalls,  intrusion  . detection,  antivirus  and  other  ser- 

that  responsibility  to 
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Law  firm  revamps 
after  attacks 


On  the  morning  of  Sept.  11, 

Alan  Winchester,  technology 
partner  for  the  New  York  office  of 
Harris  Beach  LLP,  was  preparing 
for  trial.  Winchester  was  in  his 
Brooklyn  apartment  when  he  looked 
out  over  lower  Manhattan  and  saw 
the  planes  hit.  His  law  firm's 
offices,  located  on  the  85th 
floor  of  Tower  2,  were 
destroyed,  and  while  most 
of  the  100  or  so  staff  made 
it  out,  six  people  died. 

"Technology  was  about  the  farthest  thing  from 
my  mind  that  morning,"  Winchester  says.  “It’s  the 
people.  You're  worrying  about  the  people,  the 
families,  and  making  sure  everyone  is  OK." 

Harris  Beach  leaned  on  Litigation  Management 
Group  (LMG),  a  technology  company  focused  on 
the  legal  industry.  LMG  procured  the  hardware 
needed,  while  a  client,  Harris  Interactive,  provided 
temporary  quarters  in  its  5th  Avenue  offices. 

Harris  Beach  brought  in  grief  counselors,  and 
about  a  week  after  the  events  IT  began  to  focus 
on  regrouping.  The  firm  had  a  disaster  plan  and 
made  many  changes  to  how  it  managed  its  net¬ 
work,  Winchester  says.  The  biggest  change  was 
the  move  to  a  paperless  office  in  which  every  doc¬ 
ument  that  comes  in  is  scanned.  Harris  Beach 
had  long  depended  on  paper  files  and  lost  nearly  a 
quarter  acre  of  files  in  the  attacks. 

And  because  the  firm  had  to  relaunch  its  net¬ 
work  from  scratch,  it  switched  from  being  a 
Novell  shop  to  a  Windows  shop,  a  move  that  was 
stymied  in  the  past  because  of  reluctance  within 
the  IT  department  and  because  of  the  cost  asso¬ 
ciated  with  the  transition. 

"It's  important  to  have  a  [disaster]  plan  and  to 
make  the  plan  when  the  skies  are  clear,"  he  says. 
"Then  when  everything  gets  gray  and  dark  you 
know  what  you  need  to  do. . . .  If  you're  trying  to 
develop  that  right  after  the  disaster,  you're  not 
thinking  well  and  the  odds  are  you’re  going  to 
recreate  what  you  had,  so  you're  not  going  to  be 
able  to  make  it  better." 

—  Jennifer  Mears 


14  NelworkWorld 


managed  security  service 
provider  Guardent. 

“To  train  and  bring  up  internal 
staff  would  have  been  very 
time-consuming  and  very 
expensive,”  Kesl  says. “To  get  the 
service  levels  we  needed  we 
had  to  go  outside.” 

One  more  area  that  is  getting 
increased  attention  since  Sept. 

1 1  is  how  to  ensure  communi¬ 
cation  within  companies  and 
between  the  public  and  private 
sectors  in  the  event  of  disaster. 

Technology  firm  Candle  cre¬ 
ated  the  National  Center  for 
Crisis  and  Continuity  Coord¬ 
ination  in  February  to  provide 
collaboration  assistance  to  the 
private  and  public  sectors  dur¬ 
ing  emergencies. 

“We’re  not  replacing  the  disas¬ 
ter-recovery  firms,”  says  Jim 
Montagnino,  the  center’s  gener¬ 
al  manager.“What  we’re 
involved  in  and  what  we’re  find¬ 
ing  is,  especially  in  the  wake  of 
9/1 1,  businesses  are  realizing 
they  need  ways  of  getting  infor¬ 
mation  from  the  police,  fire 
departments  and  emergency 
personnel.” 

“And  the  public  sector  needs 
to  know  when  businesses  have 
closed  down  and  evacuated,” 
Montagnino  says. 

Carriers  respond 

As  businesses  modify  their  net¬ 
work  strategies,  carriers  are  see¬ 
ing  a  change  in  customer 
demand.  Cable  &  Wireless  says  it 
has  seen  demand  for  its  IP  VPN 
servicedouble  since  the  end  of 
last  year;  WorldCom  reports  see¬ 
ing  double-digit  growth  in  de¬ 
mand  for  collocation  and  man¬ 
aged  hosting  in  the  past  year,  a 
trend  it  attributes  to  customers’ 
heightened  sense  of  security 

“The  big  change  since  9/1 1  is 
customers  are  actually  looking 
for  redundancyf”says  Audrey 
Wells,  senior  manager  of  global 
VPN  services  at  WorldCom. “We 
don’t  need  to  tell  them  why  they 
need  it." 

At  the  same  time,  carriers  have 
been  reviewing  their  own  net¬ 
work  architectures.The  hardest 
hit  of  all  the  carriers  on  Sept.  1 1 
was  Verizon,  which  had  its  cen¬ 
tral  switching  station  next  to  the 
World  Trade  Center.  Verizon  has 
completed  most  of  the  repairs  to 
its  heavily  damaged  West  Street 
central  office  and  to  lines  that 
were  cut  in  lower  Manhattan, 
says  Marlene  Grant,  executive 
director  of  network  planning  for 
Verizon. 

The  carrier  has  installed  more 
than  40  miles  of  new  fiber 
downtown,  and  Grant  says  that 
voice  and  data  service  there  has 
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Helping  federal  agencies  regroup 


Within  an  hour  of  the  first  plane  striking  on 
Sept.  11,  the  General  Services  Administration 
established  a  response  team  consisting  of 
resources  from  multiple  federal  technology 
organizations.  Denny  Groh, 
acting  associate  commissioner 
for  service  delivery  at  the 
GSA,  led  the  effort,  which  was 
designed  to  help  federal  agen¬ 
cies  within  the  World  Trade 
Center  and  the  Pentagon 
resume  operations. 

The  GSA  learned  lots  of 
lessons.  For  example,  many  of 
the  600  cell  phones  it  quickly  shipped  to  emer¬ 
gency  personnel  were  initially  unusable 
because  of  damaged  cell  sites.  Carriers  sent 
in  cellular  sites  on  wheels  that  got  those  sys¬ 
tems  back  into  use.  As  for  landline  communi¬ 
cations,  workers  had  to  get  creative. 

"Wires  were  actually  strung  out  of  14-story 
buildings,"  Groh  says.  “Some  of  the  photos  they 
brought  back  were  just  amazing:  10  blocks  of 
rubble  with  hanging  wire  that  crossed  what 
used  to  be  streets  to  connect  buildings  so  that 
they  could  communicate  and  actually  start  con¬ 


ducting  their  ’normal’  operations." 

The  team  later  turned  to  microwave  sys¬ 
tems,  although  they  proved  difficult  to  deploy 
with  many  building  owners  unreachable.  "We 
learned  that  you  could  do 
microwave  shots  from  build¬ 
ings  through  windows  and  get 
connectivity,"  Groh  says. 

New  efforts  include  a  land 
mobile  radio  system  that  will 
let  first  responders  communi¬ 
cate  regardless  of  what  fre¬ 
quency  they're  using.  Another 
initiative  gives  federal  agen¬ 
cies  a  menu  of  six  options  that  will  let  them 
choose  the  type  of  network  security  they  need 
at  a  price  they  can  afford. 

Importantly,  Groh  says  agencies  within  the 
federal  government  have  learned  to  work 
together  better  on  technology  and  communi¬ 
cations  issues. 

“You  can  have  the  best  technology  in  the 
world,  but  if  it's  not  provided  to  the  people  who 
need  it  when  they  need  it,  it's  not  going  to  do 
any  good,"  he  says. 

—  Jennifer  Mears 


returned  to  normal  levels.  But 
the  phone  giant  still  has  some 
significant  work  ahead  of  it  to 
get  the  network  permanently 
restored  .Verizon  estimates  it  will 
not  be  completely  finished 
rebuilding  its  network  until  2004. 

Three  of  the  West  Street  switch¬ 
es  that  were  damaged  in  the 
Sept.  1 1  attack  are  being 
replaced  — Verizon  already  has 
replaced  one  of  them  —  with¬ 
out  disrupting  customer  service, 
Grant  says. 

Finally, Verizon  is  building  more 
reliability  and  survivability  into 
its  network,  and  part  of  that 
effort  involves  reducing  the 
number  of  circuit  hops.  For 
example,  Grant  says  a  circuit  ter¬ 
minating  in  White  Plains,  N.Y., 
north  of  Manhattan,  might  typi¬ 
cally  be  routed  through  a  cen¬ 
tral  office  in  the  Bronx  and  two 
more  central  offices  in  upper 
Manhattan  before  reaching 
lower  Manhattan. 

“We’re  looking  now  at  taking 
that  circuit  and  making  it  maybe 
one,  or  at  most,  two  hops,”  she 
says. 

Up  to  20%  of  the  circuits  that 
ran  through  the  West  Street  cen¬ 
tral  office  were  pass-through  cir¬ 
cuits,  meaning  they  didn’t  need 
to  run  through  the  office,  and 
Verizon  wants  to  significantly 
lower  that  number  in  all  its 
lower  Manhattan  central  offices, 
Grant  says. 

Another  improvement  Verizon 


is  making  is  adding  more  SONET 
rings,  which  are  designed  to  sur¬ 
vive  cuts,  in  lower  Manhattan. 
Verizon  is  not  only  adding  more 
rings  to  the  company’s  backbone 
network  but  also  is  pushing  them 
to  customer  premises  wherever 
possible. 

Other  carriers,  including 
WorldCom  and  C&Wsay  they 
were  satisfied  with  how  their 
network  architectures  per¬ 
formed.  Both,  however,  say  they 
underwent  extensive  reviews  fol¬ 
lowing  the  attacks  to  see  where 
improvements  could  be  made. 

WorldCom  has  created  an 
organization  dedicated  to  busi¬ 
ness  continuance  and  emer¬ 
gency  response. 

The  carrier’s  hazardous  materi¬ 
als  team,  which  can  be  sent  in  to 
fix  equipment  when  there  are 
biological  dangers,  also  is  avail¬ 
able  nationwide  and  has  been 
trained  to  deal  with  new  threats, 
such  as  anthrax. 

Another  big  focus  among  the 
carriers  is  an  effort  to  ensure 
smooth  partnering  in  the  event 
of  another  disaster.  On  Sept.  1 1 , 
the  carriers  helped  each  other 
by  moving  customers  onto  oper¬ 
ating  lines. 

“A  lot  of  carriers  have  come 
together  because  they  realize 
that  when  an  incident  like  that 
occurs  we  need  to  work  closely 
together  to  get  communication 
established. That  way  we  can 
bring  up  our  customers  and  get 


some  kind  of  service  restored  to 
them  in  a  more  timely  manner,” 
says  Jim  Weber,  vice  president  of 
network  operations  at  C&W 

Communication  and  diversity 
might  be  the  key  to  how  busi¬ 
nesses,  carriers  and  public  agen¬ 
cies  can  steel  themselves  against 
network  problems  in  the  event 
of  future  disasters.The  GSAs 
Groh  says  organizations  need  to 
understand  that  diversity  means 
more  than  multiple  service 
providers,  it  means  having  net¬ 
work  support  that  ranges  from 
landline  to  wireless. 

“So  if  switching  stations  are 
taken  out,  or  central  office 
switches  are  taken  out,  business 
can  be  rerouted  instantaneously 
and  not  just  through  hardwire 
assets  but  also  through  satellite, 
microwave  and  other  ways.  The 
thing  is  to  ensure  that  whatever 
bad  people  do  you  have  the 
ability  to  overcome  it,”  Groh 
says.B 
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Taking  a  new  road 

A  sampling  of  automakers'  e-business  plans: 

DaimlerChrysler 

•  Phasing  out  bisynchronous  ED!  and  leased  lines  to  value-added 
networks  in  favor  of  secured  IP  data  exchange  with  trading  partners, 
primarily  through  VPNs. 

•  Plans  to  support  collaborative  CAD/CAM  applications  over  ANX. 


•  Will  require  suppliers  on  the  ANX  to  use  a  new  Ford-subsidized 
IP  Security  service,  dubbedTunnelz,  in  an  effort  to  avoid 
interoperability  problems  with  multivendorVPNs. 

•  Phasing  out  decades-old  Ford  Supplier  Network  in  favor  of 
eVerest,  its  Web-based  portal;  offering  XML  as  an  EDI  alternative. 


•  Will  no  longer  use  bisynchronous  EDI  with  new  suppliers  and  will 
phase  out  bisynchronous  EDI  connections  for  all  GM  suppliers  by 
year-end  in  favor  of  IP-based  EDI  via  the  ANX  or  the  Internet. 

•  Dissatisfied  with  ANX  service  availability  and  pricing,  might 
establish  its  own  secure  VPN-based  network  with  suppliers. 


AutoTech 

continued  from  page  1 

purchase  orders  and  request  for 
quotes.  Most  suppliers  will  find 
themselves  in  eVerest  and  Ford 
Supplier  Network  for  at  least 
another  year,”  Kobet  says.  She 
adds  that  Ford  is  sending  out 
notices  now  to  the  corporate 
security  officers  at  Ford  trading 
partners  about  the  changes  be¬ 
cause  it  will  involve  new  security 
procedures  and  controls. 

The  new  commerce  platform 
will  still  process  electronic  data 
interchange  messages  for  pur¬ 
chasing,  remittance  and  ship¬ 
ping  as  the  auto  industry  has  for 
decades.  But  the  focus  will  be 
squarely  on  moving  to  EDI  over 
IRwith  a  phase-out  of  bisynchro¬ 
nous  EDI  with  suppliers.  For  the 
first  time,  Ford  will  encourage 
suppliers  to  start  using  XML  as 
an  optional  alternative  to  EDI. 

“We  see  XML  as  a  mechanism 
for  data  integration,"  says  Tim 
Thomasma,  Ford’s  plant  floor  sys¬ 
tems  architect.  Ford  wanted  to 
gain  real-world  XML  experience 
with  suppliers  using  eVerest,  he 
adds. 


At  last  weeks  AutoTech  confer¬ 
ence,  representatives  from  Daim¬ 
lerChrysler  and  General  Motors 
also  expressed  keen  interest  in 
XML  The  auto  industry’s  trade 
association,  AIAG,  which  often 
takes  the  lead  on  auto  industry 
standards,  says  it  hopes  to  get  the 
Big  Three  to  agree  on  XML  tech¬ 
nical  elements. 

According  to  Pat  Snack,  a  GM 
executive  working  at  AIAG  on 
industry  standards,  AIAG  favors 
the  Open  Application  Group’s 
Business  Object  Documents  at 
this  point  for  XML.“We’re  trying  to 
get  critical  mass  behind  XML  and 
the  way  we  use  it,”  she  says.  “With 
EDI,  we  ended  up  with  the  Big 
Three  all  doing  something  differ¬ 
ent,  and  we  don’t  want  to  have 
that  happen  with  XML.” 

Trouble  in  VPN  land 

Meanwhile,  the  Big  Three  are 
becoming  frustrated  over  interop¬ 
erability  problems  with  the  multi¬ 
vendor  VPN  gear  used  on  the 
ANX,  a  huge  privately  run  e-com- 
merce  network  that  is  mainly  for 
the  automotive  industry.  As  has 
been  the  case  since  the  ANX  was 
founded  two  years  ago,  the  ser¬ 
vice  is  only  provided  by  ISPs  that 


have  met  strict  quality  controls 
approved  by  technical  staff  of 
ANXeBusiness,  a  division  of  SAIC 
that  bought  the  ANX  from  the 
AIAG  a  few  years  ago.  Trading 
partners  that  want  to  use  ANX, 
including  those  outside  the  auto 
industry  such  as  Boeing,  must  use 
IP  Security  (IPSec)-based  VPNs  to 
encrypt  data  with  other  ANX  trad¬ 
ing  partners. 


However,  VPNs  have  been  the 
sore  spot  for  ANX  because  it  has 
proven  impossible  to  get  differ¬ 
ent  vendors’  VPN  gear  to  work 
together  despite  extensive  IPSec 
equipment  testing.  Erik  Naugle, 
CTO  at  ANXeBusiness,  explains: 
“The  standard  has  enough  loop¬ 
holes  [that]  you  can  be  compli¬ 
ant  with  the  specification  but 
not  be  interoperable.” 


Currently,  40%  of  the  1,300  ANX 
corporate  customers  use  technol¬ 
ogy  from  Check  Fbint  Software, 
25%  use  Cisco,  20%  use  Alcatel 
and  15%  use  products  from  a  mix 
of  other  vendors. 

Fed  up  with  VPN  interoperabil¬ 
ity  problems,  Ford  has  gotten  ANX 
to  start  offering  a  new  VPN  man¬ 
aged  service  called  Tunnelz.The 
service  is  based  on  a  single  ven¬ 
dor’s  VPN  equipment  that  Ford 
will  require  its  trading  partners  to 
use  on  ANX. 

Tunnelz  will  involve  ANX  staff 
installing  a  Nokia  VPN  appliance 
at  the  user’s  site  and  managing  it 
remotely  to  establish  VPN  tunnels 
between  ANX  trading  partners. 

“We  want  to  eliminate  the  vari¬ 
ety  of  IPSec  tunnels  we  have  to 
deal  with,”  says  Dennis  Kirchoff, 
Ford’s  ANX  development  leader. 
He  adds  that  Ford  and  its  500 
trading  partners  on  ANX  use  it 
for  volume  batch  EDI,  CAD/CAM 
file  sharing  and  mainframe 
access.  Ford  wants  to  establish 
service-level  agreements  for 
VPNs  with  suppliers,  and  the 
Tunnelz  managed  service  is 
viewed  as  the  way  to  do  that. 

Tunnelz  will  cost  $240  per  year, 
per  tunnel, a  price  Ford  intends  to 
keep  low  by  subsidizing  it. 
DaimlerChrysler  also  is  consider¬ 
ing  using  Tunnelz. 

Some  of  the  Big  Three’s  suppli¬ 
ers  say  Tunnelz  sounds  like  a 
good  idea.  “I’m  interested  in  it,” 
says  Joseph  Ciunciosa,  program¬ 
mer  analyst  with  Gibraltar  Steel, 
who  says  his  firm  has  trouble  get¬ 
ting  the  Cisco  VPN/firewall  to  talk 
to  Nokia’s. 

The  experience  with  ANX  has 
convinced  Ford  and  Daimler¬ 
Chrysler  that  VPNs  perform  better 
when  separated  from  the  firewall 
function, although  most  ANX  trad¬ 
ing  partners  today  use  combined 
firewall  VPNs. 

“We’re  going  to  use  the  Nokia 
CryptoCluster,”  says  Stanley 
Chan,  WAN  planning  and  project 
manager  at  DaimlerChrysler. 
“And  we’ve  separated  the  IPSec 
layer  and  the  firewall  layer  to  get 
better  performance  and  better 
tolerance  for  problems  that  may 
happen." 

Still,  GM  last  week  showed  flag¬ 
ging  enthusiasm  for  ANX, saying  it 
was  taking  a  wait-and-see  attitude 
on  Tunnelz. 

One  GM  official  said  the  com¬ 
pany  might  even  organize  its 
own  VPN-based  network  over 
the  Internet  with  suppliers.  ■ 
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Burton 

continued  from  page  1 

integrate  them  on  the  protocol  level. 

Network  professionals  say  integration  is 
needed  in  the  Web  services  world,  where 
multiple  protocols  with  distinct  semantics 
are  being  developed  for  the  same  service, 
such  as  workflow. 

The  gateway,  targeted  at  small  and  midsize 
corporations,  will  map  or  redirect  protocols 
for  one  application  service  to  protocols 
designed  for  another  service,  allowing  for 
the  integration  of  network  or  Web  services 
applications. 

Burton,  who  is  CEO  of  JanusLogix,  has  been 
consulting  with  companies  such  as  Novell  for 
the  last  four  years.  In  those  years  he  has  found 
that  the  trouble  with  Web  services  is  that  the 
protocols  used  by  an  application  or  system 
are  often  incompatible  because  they  are 
implemented  differently,  for  instance.  For 
example,  users  of  POP3-based  Internet  e-mail 
systems  might  not  have  the  full  features,  such 
as  the  ability  to  recall  messages  or  track  them, 
if  messages  are  sent  to  systems  that  use  pro¬ 
prietary  protocols. 

The  JLXE  software  would  be  hosted  on  a 
server  and  enable  communications  between 
applications.The  software,  which  is  hardware- 
independent,  works  with  Microsoft’s  Net, 
Java  2  Platform  Enterprise  Edition,  IBM’s  Web¬ 
Sphere,  Novell’s  Silverstream  and  other  Web 
service  frameworks. 

“We  are  going  to  move  away  from  the  think¬ 
ing  that  a  common  protocol  is  going  to  be 
agreed  upon  by  everybody  Burton  says.“What 


we  need  to  do  is  come  up 
with  a  dynamic  protocol 
framework  that  lets  the 
semantics  of  a  protocol  float.” 

He  says  that  because  ser¬ 
vices  are  defined  by  the  pro¬ 
tocols  they  use,  such  as 
SNMP  Simple  Mail  Transfer 
Protocol  (SMTP)  or  Light¬ 
weight  Directory  Access 
Protocol  (LDAP),  their  fea¬ 
tures  are  limited  when  com¬ 
municating  with  services 
that  use  other  protocols. 

At  the  heart  of  JLXE  is  a  col¬ 
lection  of  protocols  defined 
in  XML.  JLXE  uses  Extensible 
Stylesheet  Language  Trans¬ 
formation  (XSLT)  as  the  pro¬ 
gramming  language.  XSLT 
converts  XML  documents 
from  one  form  to  another. 

The  first  technologies  JLXE’s  software  will 
support  include  FTP  HTTP  and  SMTP, followed 
by  LDAP  and  Web  services  protocols  such  as 
Simple  Object  Access  Protocol  (SOAP)  and 
Web  Services  Description  Language  (WSDL). 
JLXE  creates  what’s  known  as  a  semantic 
agent  by  taking  a  protocol  and  defining  it  in 
XML.  Once  the  protocol  is  broken  down,  it  can 
be  mapped  to  another  using  that  protocol’s 
semantic  agent. 

The  semantic  agents  could  be  particularly 
relevant  with  Web  services.  For  example, 
vendors  and  standards  bodies  are  develop¬ 
ing  a  handful  of  Web  services 
protocols  that  govern  work- 
flow.  JLXE  would  let  applica¬ 


tions  interact  regardless 
of  the  workflow  protocol 
they  use. 

Burton  says  his  chal¬ 
lenge  will  be  to  differenti¬ 
ate  his  product  from  trans¬ 
formation  products  that 
integrate  diverse  tech¬ 
nologies  from  Iona.Ttbco 
and  WebMethods. 

One  issue  JLXE  is  attack¬ 
ing  is  that  Web  services 
and  XML,  which  are  seen 
as  the  catalyst  for  interop¬ 
erability  between  systems 
and  applications,  do  not 
eliminate  the  semantic 
and  schema  differences 
between  applications  and 
services,  says  Jamie  Lewis, 
CEO  and  research  chair  of 
Burton  Group,  a  research 
firm  started  by  Burton  (he  sold  the  company 
in  the  mid-1990s). 

“We’ve  been  talking  about  building  another 
layer  of  the  network,  a  data  and  application 
layer  that  needs  routing  and  transformation 
capabilities,”  he  says.  “JanusLogix  is  trying  to 
add  an  intelligence  to  the  network,  a  data  net¬ 
working  service,  so  you  can  connect  applica¬ 
tions  not  just  physical  nodes  on  the  network.” 

Analysts  say  this  data  layer  is  analogous  to 
the  traditional  network  layer  that  routes  net¬ 
work  traffic. 

JLXE,  which  is  scheduled  to  be  available 
in  the  first  half  of  next 
year,  will  cost  $2,600  per 
server.  ■ 


PROFILE:  JANUSLOGIX 

Headquarters:  Draper,  Utah 
Founded:  January  2001 

Founders:  Craig  Burton, 
CEO;  Arthur  Nevarez,  CTO; 
Sean  O’Gwin,  COO. 

Primary  product:  XML- 

based  protocol  conversion 
software. 

Financing:  $1  million  plus 
fromThe  Canopy  Group  and 
private  investments. 

Fun  fact:  Burton  co-founded 
Novell,  which  produced  many 
of  the  engineers  now  at 
JanusLogix. 
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OPERATIONS 

THE  WEATHER 
CHANNEL 


‘...  an  ideal 


testing  site  for 
storage  users  to 
evaluate  new 
technology ..." 


James  Riggs 

PROGRAM  MANAGER 

US  ARMY  PERMS 


"...  the  number 
one  storage 
conference  ...” 


Jon  Labrie 

CTO 

WETA  DIGITAL 


Get  the  World’s  Best 
Storage  Education! 


STORAGE 


NETWORKING 


WO  R 


October  27-30,  2002 

Renaissance  Orlando  Resort 
Orlando,  Florida 


Co-owned  and  Produced  by:  Co-owned  and  Endorsed  by: 


CMfinnwnui 


*~sSNIA 


Register  today  to  attend  the 
world's  premier  event  on: 

•  Enterprise  Infrastructure 

•  Business  Continuity 

•  Data  Management  and  Security 

•  Emerging  Technologies 


Is  data  volume  pushing  your  storage  infrastructure 
envelope?  Are  you  getting  increased  pressure  to  deal 
with  data  management  and  business  continuity? 

Attend  Storage  Networking  World  and  get  the  world's 
best  answers  to  your  storage  questions!  Designed  for 
both  enterprise  IT  managers  and  storage  professionals, 


SNW  is  the  only  conference  where  you  get: 

•  a  Storage  Networking  Industry  Association 
(SNIA)-endorsed  education 

•  a  hands-on  view  of  the  world's  only  SNIA-sanctioned 
Interoperability  and  Solutions  Demo 

•  exposure  to  peers,  experts,  visionaries  and 
technologies  that  no  other  conference  delivers 


See  and  Hear  Geoffrey  Moore 


Opening  Visionary  Presentation 

Monday,  October  28,  2002 


See  the  World's  Best 

Storage  Interoperability 
and  Solutions  Demo 


Geoffrey 

Moore 


Chairman 
and  Founder 
The  Chasm 
Group 


■  Author  of  - 

gjjjg 


Living  on 
the  Fault 
Line 


Crossing 

the 

Chasm 


Inside 

the 

Tornado 


How  to  Creatively  Apply  IT 
in  Today’s  Economy 


In  the  current  economy,  companies  have  two 
key  priorities.  The  first  is  to  attack  costs. 

The  second  is  to  extract  resources  from  non¬ 
core  processes  in  order  to  focus  more  atten¬ 
tion  on  core  differentiation.  For  IT  managers 
and  professionals,  all  of  this  means  applying 
IT  creatively.  In  this  special  opening  session, 
Geoffrey  Moore  will  help  IT  managers  and 
professionals  understand  where  they  should 
spend  their  time,  what  they  should  spend  it 
on,  and  how  they  can  prepare  for  the  eventu¬ 
al  economic  upswing. 


In  our  world-class, 
acclaimed  Interoperability 
and  Solutions  Demo, 
you'll  not  only  see  real-life 
configurations,  you'll  tour 
the  Demo  area  and  discuss 
with  experts  the  technical 
configurations  and  how 
they  may  apply  to  your 
business. 


■BV 


Get  the  CIO's  Point-of-View 


Opening  Leadership  Presentation 

Tuesday,  October  29,  2002 


Fran 

Dramis 


CIO 

BellSouth 


As  CIO,  Chief  eCommerce  and  Security 
Officer  for  BellSouth,  Fran  has  first-hand 
knowledge  of  the  challenges  that  vast 
amounts  of  data  can  present  to  a  company. 
What  has  BellSouth  done  in  recent  years  to 
better  deat  with  increasing  amounts  of  data? 
Where  does  BellSouth  see  the  future  of  data 
management?  And  how  does  it  deal  with  the 
data  given  increasing  concerns  for  security 
and  business  continuity?  Find  out  in  this 
special  opening  presentation 


Are  You  a  Storage 

SuperUser? 

Register  today  at  www.snwusa.com 
for  the  following  FREE  benefits: 

■  significant  conference  registration  savings  and  special 
host-hotel  reservation  privileges 


■  member-only  access  to  selected  streaming  video 
presentations  from  SNW  Spring  2002 

■  regular  conference  program  updates  including  keynote 
speaker  announcements,  program  tracks,  special 
conference  activities  and  more 


complimentary  subscription  to  SNW0nline.com  webzine 

priority  consideration  for  space-limited  tutorials 
and  sessions 


exclusive  tours  and  demonstrations  in  the 
Interoperability  and  Solutions  Demo 


For  more  information  and  to  register,  visit  W 


J'f  Klimkin; 

imd 


Hear  Real-World  User  Implementation 
Case  Studies 

At  Storage  Networking  World, 
you’ll  see  IT  managers  and 
professionals  describe  how 
they  implemented  key  storage 
technologies  in  today's  world. 

You'll  learn  from  their  valuable 
lessons  and  have  an  opportunity  to  network  with  them. 

Get  an  Education  Endorsed 
by  theSNIA 

•  A  Primer  delivering 
basic  storage  concepts, 
terminology  and  business 
applications. 

•  Exclusive  SNIA-produced  and 
Delivered  Tutorial  Sessions, 

offering  immediately  implementable  tips,  tools  and 
techniques  that  cover: 

•  Disaster  Recovery,  Backup/Restore  and  High 
Availability 

•  Securing  and  Managing  Your  Storage  Networks 

•  Networking  for  Storage  Managers,  Virtualization, 
and  IP-based  Storage  Technology 

See  the  World’s  Largest  Storage 
Industry  Expo 

You'll  participate  in  live 
demonstrations  and  meet 
exhibiting  companies  specializ¬ 
ing  in  the  latest  data  manage¬ 
ment  and  storage  networking 
products  and  services. 


Agenda  Snapshot* _ 

For  details,  updates,  and  to  register  visit  our  Web  site. 

Sunday,  October  27 

9:30am-1 1 :00am  Industry  Primer  Tracks 

Noon-5:00pm  Golf  Outing  (complimentary  for  usersl  at  Disney's 
Lake  Buena  Vista  Golf  Course 

1 :00pm-5:30pm  SNIA-produced  Technical  and  Business  Tutorials 

•  Voice  of  the  User  and  Virtualization  Track 

•  Disaster  Recovery,  Backup/Restore,  and  High 
Availability  Solutions  Track 

•  Securing  and  Managing  Your  Storage  Networks  Track 

•  Focus  on  Networking  Your  Storage  Track 

•  IP-based  Storage  Track 

7:00pm-9:00pm  Pre-conference  Networking  Reception 

Monday,  October  28 

7:30am-8:15am  Continental  Breakfast 

8:30am-9:15am  Opening  Visionary  Presentation  by  Geoffrey  Moore 
9:15am-12:15pm  General  Sessions 
12:15pm-1 :30pm  Networking  Luncheon 
1:30pm-4:00pm  General  Sessions 

4:00pm-5:00pm  Technical,  Technical/Business  and  Business  Tracks 
5:00pm-8:00pm  Expo,  Interoperability  and  Solutions  Demo, 
and  Buffet  Dinner 

Tuesday,  October  29 

7:30am-8:15am  Continental  Breakfast 

8:15am-8:55am  Opening  Leadership  Presentation  by  Fran  Dramis 

8:55am-Noon  General  Sessions 

Noon-1 :30pm  Expo,  8uffet  Luncheon 

Noon-7:1 5pm  Interoperability  and  Solutions  Demo 

1:30pm-3:00pm  General  Sessions 

3:00pm-5:00pm  Technical,  Technical/Business  and  Business  Tracks 
5:00pm-7:15pm  Expo 

7:30pm-9:00pm  Gala  Dinner  and  Entertainment 

Wednesday,  October  30 

7:30am-8:30am  Continental  Breakfast 

8:30am-Noon  Technical,  Technical/Business  and  Business  Tracks 

•subject  to  revision 


Learn  from  User  Case  Studies  and  Perspectives 


RICK 

PETERSON 

VP  of  IT 
Operations  and 
Production 
Services 

DIRECTV 


MARLENE 

RUPP 

Enterprise 

Business 

Continuity 

Manager 

Fidelity 

Investments 


MARK 

PRICE 

Director  of 
Enterprise 
Architecture 

Carlson 

Companies 


JOHN 

BLACKMAN 

Systems  Architect 
Emerging 
Technologies  & 
Consulting 

Wells  Fargo 


CHARLES 

INCHES 

IT  Director 

Corner  Banca  SA 
Switzerland 


JASON 

HYON 

Deputy  Manager 
Earth  Science  Data 
Systems  Section 

NASA- 

Jet  Propulsion 
Laboratory 


SCOTT 

STEGNER 

Storage  Solutions 
Practice  Manager 

Lockheed 

Martin 


RAY 

DICKENSHEETS 

Senior  Technical 
Architect 

Sprint 


BRIAN 

COBB 

VP  of  Systems 
Engineering 

Fannie  Mae 


Hear  from  Industry  Leaders 


GREG 

MARK 

DAVE 

MARK 

REYES 

LEWIS 

ROBERSON 

BREGMAN 

CEO 

EVP,  New 

President 

EVP  of  Product 

Brocade 

Ventures 

8.  COO 

Management 

Communications 

&  CTO 

Hitachi  Data 

VERITAS 

EMC 

Systems 

Software 

BRIAN  DAVID  GARY  STEVE  CHARLES 

TRUSKOWSKI  HILL  FRANCIS  DUPLESSIE  STEVENS 

CTO  VP  of  Storage  Corporate  VP  &  Founder  and  Corporate  VP 

Storage  Systems  Research,  Storage  General  Manager  Senior  Analyst  Enterprise 
Group  &  Storage  Automated  Tape  Enterprise  Storage  Division 

IBM  Management  Solutions  Storage  Group  Microsoft 

Aberdeen  StorageTek 
Group 
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"...  the  best 
conference  for 
storage  users  ..." 


Mike  Prince 

CIO 

BURLINGTON  COAT 
FACTORY 


"...  the  only 
storage  network¬ 
ing  conference 
that  delivers 
it  all..." 


Gary  Mountain 
MANAGER,  TECHNOLOGY 
SERVICES 

IDAHO  POWER 


"...  the  best 
chance  to  see  the 
latest  storage 
technology  all  in 
one  place  ...” 


David  Bentley 
TECHNICAL  SYSTEMS 
ENGINEER 

PHILLIPS 

PETROLEUM 


"...  a  true  value  for 
storage  users ..." 


IT  Executives  and  Managers  Choose  Storage  Networking  World! 


"...  the  Interoperability 
and  Solutions  Demo  is 
incredible ...” 

if 

L  'Jk  iv 

Bob  Venable 

ENTERPRISE  SYSTEMS  MANAGER 

BLUE  CROSS  &  BLUE  SHIELD 
OF  TENNESSEE 


"...  a  great  climate  for 
interaction  with  peers  ... 


Robert  Smalley 

SENIOR  PROJECT  SPECIALIST 

BANK  OF  MONTREAL 


‘...  great  end-user 
case  studies ..." 


Ray  Dickensheets 
SENIOR  TECHNICAL  ARCHITECT 

SPRINT 


"...  a  key  tool  to  help 
users  understand  storage 
management ...” 


Anthony  Lloyd 
VICE  PRESIDENT 
COMPUTER  OPERATIONS 

WARNER  BROS. 


Travel  and  Accommodations 

IDG  Travel  is  the  official  travel  company  for  Storage  Networking 
World.  They  are  your  one-stop  shop  for  exclusive  discounted  rates 
on  hotel  accommodations. 


American  Airlines  is  the  preferred  airline  for  Storage 
Networking  World.  For  information  and  discounts  of 
20%  on  American  Airlines  call  IDG  Travel  Services 
at  1-800-340-2262  or  1-508-820-8159. 

To  reserve  your  accommodations: 

•  visit  www.etcentral.com  OR 

•  call  1-800-340-2262  lor  1-508-820-8159) 


AmericanAirfines 


Registration 


Pre-Conference  Golf  Outing 

Complimentary  Golf  Outing 
for  Registered  IT  Users 

The  Pre-Conference  Golf  Outing  at  the  Walt 
Disney  World  Resort  Lake  Buena  Vista  Golf 
Course  is  complimentary  ($125  value)  for  reg¬ 
istered  IT  End-Users  (other  participants, 
including  sponsors  and  vendors,  may  play  on  an  "as  available" 
and  are  responsible  for  all  applicable  golf  outing  expenses). 

For  details: 

•  call  Lynn  Mason  at  1-508-820-8652 


basis 


Options: 

All  Dollar  Amounts  in  U.S.  Funds 

j  Earlybird 
j  Registration 

j  [through  Sept.  16th) 

1  Full/On-Site 
Registration 

I  (after  Sept.  16th) 

Conference 

Sessions 

Package  Includes 

Interoperability  and 
Solutions  Demo,  Expo. 
Meals  &  Receptions 

Technical  and  Business  Track; 
SNIA-produced  Tutorials,  SNW 
Certification  "Test-Ready"  Cours 

General  Conference  Package*  (Oct.  28  &  29): 

$1,095 

$1,245 

Yes 

Yes 

No 

Total  4-day  Package*  (Oct.  27,  28,  29,  30): 

•  General  Conference  Package 

•  Technical  and  Business  Tracks 

•  SNIA-produced  Tutorials  (Oct.  27) 

EW!  •  SNIA-Certification  "Test-Ready"  Courses 
[see  Web  site  for  details) 

$1,490 

$1,690 

Yes 

Yes 

Yes 

Expo,  Interoperability  and  Solutions  Demo, 

Meals  &  Receptions  Only  Package 

$450 

$495 

No 

Yes 

No 

•Includes  Expo,  Interoperability  and  Solutions  Demo.  Meals  and  Receptions 


To  Register  Visit  www.snwusa.com/net  or  Call  1-800-883-9090  11-508-820-8159) 


ww.nwfusion.com 
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■  TCP/IP,  LAN/WAN  SWITCHES 

■  ROUTERS  ■  HUBS 

■  ACCESS  DEVICES  ■  CLIENTS 

■  SERVERS  ■  OPERATING  SYSTEMS 

■  VPNS  ■  NETWORKED  STORAGE 


Forcel  0  aims  high  with  1 0G  switch 


■  BY  PHIL  HOCHMUTH 

MILPITAS, CALIF —  ForcelO  Networks  this 
week  will  debut  a  box  that  could  help  large 
corporations  and  carriers  build  beefier 
Gigabit  and  10G  Ethernet  capacity  than  the 
most  high-end  switches  currently  available. 

The  El 200  and  E600  switches  from 
ForcelO  could  be  used  to  aggregate  large 
amounts  of  Gigabit  server  connections  in 
a  large  data  center  or  to  connect  data  cen¬ 
ters  with  10G  Ethernet  links  in  a  metro¬ 
politan-area  network,  the  company  says. 
For  an  idea  of  the  scale  ForcelO  is  target¬ 
ing,  consider  this:  The  company  does  not 
offer  10M  or  100M  bit/sec  Ethernet  ports 
—  only  Gigabit  and  10G. 

Aiming  squarely  at  high-end  switches 
from  Cisco,  Extreme  Networks  and  Foun- 


■  Hewlett-Packard’s  server  business 
took  a  beating  in  the  second  quarter 
as  the  company  lost  ground  to  its 
major  rivals,  according  to  data  re¬ 
leased  last  week  by  Gartner.  Overall, 
worldwide  server  revenue  shrank 
to  $10.1  billion  in  the  second  quarter, 
down  from  $11.6  billion  in  the  same 
period  a  year  ago.  All  the  major  ven¬ 
dors  saw  their  revenue  fall,  but  HP 
and  Compaq,  now  one  company, 
showed  the  largest  drop-offs. 

HP's  total  revenue  from  server  sales 
slipped  21.3%  year-on-year,  and  Com¬ 
paq’s  fell  21.8%  over  the  same  period. 
By  comparison,  IBM’s  server  revenue 
fell  7.8%,  while  Sun  and  Dell  each 
saw  their  revenue  decline  by  3.5%, 
Gartner  reported.  Meanwhile,  IBM, 
Sun  and  Dell  were  able  to  gain  market 
share  against  HP.  IBM  held  its  top 
spot  in  worldwide  market  share,  gar¬ 
nering  29.6%  of  total  server  revenue, 
an  increase  of  1.6  percentage  points 
from  last  year.  Sun  took  the  second- 
largest  slice  of  the  market  with  18.4% 
of  revenue,  up  1.8  points  from  the  year 
before.  Compaq's  share  came  in  at 
12.5%,  down  1.3  percentage  points 
from  last  year,  with  HP  just  behind  at 
12.2%,  down  1.4  points. 


Forcel  0's  El  200  and  E600  switches  are 
aimed  at  large  data  centers  with  high- 
throughput  needs. 


dry  Networks,  Force  10’s  14-slot  El 200 
chassis  can  support  a  maximum  of  336 
Gigabit  Ethernet  ports,  28  10G  Ethernet 
ports  or  a  mix  of  the  two  speeds.The  com¬ 
pany  says  it  also  supports  Layer  2  switch¬ 


ing  and  fully  Layer  3  routing  at  wire  speed 
on  all  ports.  The  switch  also  supports 
Multi-protocol  Label  Switching  and 
redundancy  protocols  such  as  Virtual 
Router  Redundancy  Protocol. 

ForcelO  is  officially  launching  as  a  com¬ 
pany  this  week,  though  it  has  been  work¬ 
ing  with  customers  for  the  past  year  or  so. 
Along  with  its  E1200  switch,  the  company 
also  is  debuting  the  E600,  which  offers  half 
the  port  capacity  but  has  the  same  switch 
fabric  and  uses  the  same  modules  as  its 
big  brother. 

The  architecture  of  the  El 200  lets  it 
scale  far  beyond  competing  switches, 
such  as  Extreme’s  BlackDiamond,  Foun¬ 
dry’s  Biglron  and  Cisco’s  Catalyst  6500, 
according  to  the  company  and  industry 
analysts.  The  E1200  has  a  1.2T  bit/sec 
backplane,  or  total  switching  capacity 
which  more  than  doubles  the  backplane 
of  its  closest  competitors,  ForcelO  says. 


The  switch  is  also  the  first  product  that 
can  offer  true  10G  bit/sec  throughput  on 
each  of  its  slots,  the  company  says,  with  a 
per-module  bandwidth  of  40G  bit/sec 
between  the  module  and  the  switch 
backplane.  This  is  key,  industry  analysts 
say,  as  Force  10’s  competitors  offer  only  8G 
bit/sec  of  bandwidth  per  slot. 

Some  customers  say  this  fact  can  short¬ 
change  users  looking  to  get  a  full  10G 
connection,  unless  two  10G  ports  are 
trunked  together. 

“ForcelO  has  set  the  bar  in  terms  of  10 
Gigabit  performance,”  says  Kevin  Walsh, 
senior  network  engineer  at  the  San  Diego 
Supercomputing  Center  (SDSC).  Walsh 
uses  two  E1200s  to  connect  a  cluster  of 
512  Gigabit  Ethernet  servers  as  part  of  the 
Teragrid  project,  an  effort  by  the  SDCS, 
along  with  the  National  Center  for 
Supercomputing  to  build  the  world’s 
See  ForcelO,  page  18 


Cisco  turns  up  key  switch  security  speeds 


■  BY  STEPHEN  LAWSON 

Corporate  customers  can  secure  their 
network  traffic  at  higher  speeds  and  avoid 
proliferation  of  devices  with  a  series  of 
security  hardware  modules  announced 
last  week  for  the  Cisco  Catalyst  6500 
Series  switches. 

The  modules  perform  the  same  func¬ 
tions  as  existing  Cisco  security  products, 
but  at  higher  performance  because  they 
take  advantage  of  new  custom  hardware, 
says  Tom  Russell,  director  of  product  mar¬ 
keting  in  Cisco’s  VPN  and  Security  group. 
The  Catalyst  6500  is  one  of  Cisco’s  main 
chassis-based  switch  platforms  for  corpo¬ 
rations  and  service  providers.The  security 
modules  also  can  be  deployed  in  the 
Cisco  7600  Series  router. 

Because  the  Catalyst  6500  is  modular 
and  comes  with  a  range  of  chassis,  it  is 
possible  to  use  just  security  modules  to 
create  a  dedicated  security  switch  for  a 
corporation,  says  Zeus  Kerravala,  an  ana¬ 
lyst  with  The  Yankee  Group. This  might  be 
attractive  to  companies  where  security 
and  network  operations  staff  are  separate 
and  don’t  want  to  share  gear. 

Having  multiple  security  functions  on 
the  same  box  makes  for  simpler  man¬ 
agement  than  a  series  of  devices  each 
performing  a  separate  function,  Ker¬ 


ravala  says. 

The  lineup  of  new  hardware  includes  a 
VPN  Services  Module  and  a  Network 
Analysis  Module,  available  now,  and  a 
Firewall  Services  Module  and  a  Secure 
Sockets  Services  Layer  (SSL)  Module 
available  this  month. 

The  VPN  module  can  encrypt  and  de- 


60%  of  wg 
businesses  want  security 
integrated  in  a  high-end 
switch  vs.  separate  security 
appliances. 

SOURCE:  THE  YANKEE  GROUP 


crypt  traffic  with  Triple-DES  technology  at 
1 .9G  bit/sec  and  provide  8,000  concurrent 
VPN  tunnels,  using  the  IP  Security  stan¬ 
dard.  The  card  is  based  on  Cisco’s  VPN 
3000  remote  access  VPN  gear  and  its 
router-based  VPN  equipment.  The  speed 
of  the  VPN  card  can  handle  heavy  VPN 
traffic  between  enterprise  campuses  and 
from  remote  users  on  dial-up  and  broad¬ 
band  Internet  connections,  according  to 
Russell.  It  is  priced  at  $35,000. 


The  new  Network  Analysis  Module, 
NAM-2,  provides  roughly  double  the 
throughput  of  a  current  module  for  the 
Catalyst  line,  the  NAM-1.  The  NAM-2  can 
monitor  traffic  at  rates  as  high  as  1G 
bit/sec  to  help  administrators  detect  net¬ 
work  problems  and  better  use  resources. 
The  NAM-1  and  NAM-2  are  priced  at 
$18,000  and  $30,000,  respectively. 

The  Firewall  Services  Module  brings  the 
functions  of  Ciscos  Pix  Firewall  to  the 
switch  platform  along  with  an  increase  in 
performance  from  the  stand-alone  ver¬ 
sions.  It  can  secure  traffic  at  throughput 
rates  up  to  4G  bit/sec,  over  as  many  as 
100,000  connections  per  second.  As  many 
as  four  of  the  firewall  modules  can  be 
deployed  in  one  Catalyst  6500  chassis, and 
one  chassis  with  multiple  firewall  mod¬ 
ules  can  be  used  as  a  high-performance 
security  platform.  It  is  priced  at  $35,000. 

The  SSL  Services  Module  can  encrypt 
and  decrypt  traffic  using  SSL  at  speeds  up 
to  300M  bit/sec,  supporting  as  many  as 
2,500  connections  per  second.  A  typical 
deployment  would  be  to  off-load  security 
functions  from  an  e-commerce  server 
behind  the  Catalyst  6500,  Russell  says.The 
module  costs  $30,000. 

Lawson  is  a  correspondent  with  the  IDG 
News  Service's  San  Francisco  bureau. 
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TOLLY  ON 
TECHNOLOGY 

Jim 

Quinn 


In  the  history  of  data  networks  and  the 
high-tech  market,  there  are  few  tech¬ 
nologies  that  have  a  long  history  of 
being  a  dominant  force.  Ethernet  is  one  of 
them.lt  has  proven  to  be  resilient  in  a  num¬ 
ber  of  ways. 

I  had  the  good  fortune  in  the  early  1980s 
to  be  at  Digital  Equipment  when  the 
experimental  Ethernet  systems  from 
Robert  Metcalfe  and  David  Boggs  from 
Xerox  PARC  were  being  commercialized. 
This  was  an  early  sign  of  the  ability  to  take 
Ethernet  from  its  starting  rate  of  2.94M 
bit/sec  to  10M  bit/sec.  Ethernet  won  the 
battle  over  token-ring  architectures  by  the 
logic  of  using  lower-cost  components, 


www.nwfusion.com 

Semper  Ethernet 


pragmatic  media  and  the  virtues  of  Carrier 
Sense  Multiple  Access/Collision  Det¬ 
ection.  Then  came  the  period  of  changes 
and  a  continual  manifestation  of  Ethernet 
to  adapt  itself  to  new  definitions  and 
respond  to  new  requirements. 

The  latter  part  of  the  1990s  saw  in  rapid 
succession:  the  refinement  of  the  Ethernet 
specifications  to  support  100Base-T  (100M 
bit/sec  on  Category  5  wiring),  the  move 
ment  to  full  duplex  (to  remove  the  need 
for  collision  detection  and  thereby  allow 
for  the  increase  in  distance)  and  then  the 
development  of  Gigabit  Ethernet.The  21st 
century  shows  the  continuation  of  this 
heritage  to  adapt  to  changing  require 
ments  and  still  maintain  the  essence  of 
the  protocol  with  developments  in  the  10 
Gigabit  arena. 

The  questions  that  I  pose  to  anyone: 

•  Why  does  Ethernet  survive  the  chal¬ 
lenges? 

•Why  is  there  still  a  long-range  expansion 
of  Ethernet,  despite  that  fact  that  it  is  the 


senior  citizen  in  the  high-technology  evolu¬ 
tion  game? 

As  1  puzzled  over  the  longevity  of  Ether¬ 
net,  the  answer  came  to  me  at  SuperComm 
when  I  talked  to  the  people  from  the 
Ethernet  in  the  First  Mile  Alliance.  Two 
major  realizations  came  from  my  discus¬ 
sions  with  them. 

The  first  is  that  the  general  view  of  most  of 
the  communications  world  is  the  customer 
is  at  the  “last”  mile,  not  the  first.The  last-mile 
point  of  view  has  the  central  office  as  the 
major  point  of  focus  with  the  customer  on 
the  periphery 

For  Ethernet,  there  has  always  been  the 
strong  view  of  the  consumer  as  the  focus 
—  even  as  far  back  as  the  early  days  at 
Xerox  PARC  of  having  an  easy  way  to  share 
printers.  This  is  clearly  manifested  in  the 
ongoing  theme  to  reduce  development 
costs  by  assuring  that  the  same  driver 
design  will  work  regardless  of  the  underly¬ 
ing  media  type  or  its  speed. 

The  second  was  the  open  acceptance  of 


new  and  different  media  types  to  make 
delivery  of  Ethernet  to  consumers  fit  their 
needs  and  the  needs  of  the  service  pro¬ 
vided.  Some  of  the  new  approaches 
include  the  use  of  a  single  fiber  with  dif¬ 
ferent  lambdas  for  the  up-  and  down¬ 
streams,  and  the  use  of  passive  optical  net¬ 
works  where  the  downstream  is  a  shared 
broadcast  and  the  upstream  is  a  managed 
TDM  done  by  control  of  the  transmitting 
lasers.There  is  also  Ethernet  over  DSL  and 
the  changes  necessary  to  support 
Ethernet  over  voice-grade  copper. 

What  has  kept  Ethernet  strong  and  grow¬ 
ing  is  listening  to  the  user  community  and 
being  open  to  change  in  response  to  the  op¬ 
erating  environment  without  compromis¬ 
ing  the  essentials.  Maybe  this  is  a  model  we 
all  should  look  at  the  next  time  we  are  argu¬ 
ing  that  our  technology  is  the  “right”  one. 

Quinn  is  nice  president  of  technology  at 
The  Tolly  Group.  He  can  be  reached  at 
jquinn@tolly.com.  Kevin  Tolly  is  on  vacation. 


NetScreen  offers  all-in-one  security  box 


■  BY  TIM  GREENE 

SUNNYVALE,  CALIF—  NetScreen  Tech¬ 
nologies  is  planning  a  new  product  line 
that  will  include  firewall,  VPN  and  intru¬ 
sion-prevention  software  in  a  single  box, 
giving  customers  a  way  to  beef  up  secu¬ 
rity  without  adding  multiple  devices  to 
their  networks. 

Within  18  months,  the  company  says  it 
will  ship  the  combination  gear,  which 
hasn’t  been  named  yet,  on  a  new  hardware 
appliance  custom  made  to  handle  the 
heavy  processing  and  storage  load  im¬ 
posed  by  the  security  applications.  The 
company  also  will  upgrade  its  NetScreen- 
Global  management  software  so  it  can  set 
intrusion-prevention  policies. 

The  new  hardware  platform  will  let  the 
gear  perform  its  combined  functions  at 
wire  speed,  NetScreen  says. 

Several  competitors,  such  asTippingFbint 
Technologies,  CrossBeam  Systems  and 
CloudShield,  are  working  on  high-speed 
hardware  to  perform  security  functions  in  a 
similar  fashion,  says  John  Pescatore, 
research  director  for  network  security  at 
Gartner.  But,  he  says,  NetScreen  has  a  con¬ 
siderable  number  of  customers  already  by 
virtue  of  its  high-speed  firewall/VPN  equip¬ 
ment  based  on  custom  chips. 

Placing  intrusion  prevention  and  fire¬ 
walling  in  the  same  equipment  makes 
sense  because  it  centralizes  security  poli¬ 
cies,  says  Stephen  Gill,  a  technical  analyst 
with  Greenwich  Technology  Partners, 
which  uses  NetScreen  VPN/firewall  equip¬ 
ment.  “You  are  examining  every  packet  at 
the  firewall  as  it  crosses  your  network  any¬ 
way.  so  you  might  as  well  do  intrusion 
detection  at  the  same  time,”  he  says. 

To  work  at  gigabit  speeds  the  device 
requires  custom  processors  such  as 


Block  those  packets 


Adding  intrusion  detection  to  its  firewall/VPN 
appliances  will  give  NetScreen  gear  the  ability 
to  sanitize  Internet  traffic  at  a  single  point. 


'  \ 

NetScreen  firewall/VPN  gear  parses  every  packet 

coming  in  off  the  Internet. 

Intrusion-detection  software  will  use  this 
packet  inspection  to  search  for  and  block 
malicious  traffic. 


NetScreen’s,  Pescatore  says.“You  have  to  do 
this  type  of  deep  packet  inspection  in  hard¬ 
ware,”  he  says. 

NetScreen  is  obtaining  intrusion-protec¬ 
tion  technology  from  OneSecure,  maker  of 
Intrusion  Detection  and  Prevention  (IDP) 
system  software  that  it  sells  on  PC  hardware 
appliances.  NetScreen  is  buying  One- 
Secure  for  $40.3  million  stock  sometime 
next  month, and  NetScreen  will  start  selling 
IDP  then  with  a  NetScreen  label. 

By  the  middle  of  next  year,  the  com¬ 
pany  expects  to  boost  the  speed  of  the 
gear  to  1G  bit/sec  so  the  device  won’t 
become  a  bottleneck  in  Gigabit  Ether¬ 
net  networks. 

But  because  part  of  what  IDP  does 
requires  extensive  storage  capabilities, 
fully  integrating  IDP  with  NetScreen’s  fire¬ 
wall  and  VPN  software  demands  a  hard¬ 
ware  platform  with  more  memory. 
NetScreen  says  that  platform  and  full  IDP 
integration  will  be  ready  within  18  months. 

Pescatore  recommends  against  using 
these  devices  for  remote-access  VPN  con¬ 
nections  where  individual  PCs  access  a 


VPN  gateway  via  the  Internet.  The  high 
number  of  remote-access  connections 
make  setting  up  the  security  parameters 
too  complex  to  be  practical.  However,  the 
equipment  is  well-suited  for  site-to-site 
VPNs  because  fewer  individual  VPN  con¬ 
nections  are  involved,  he  says. 

OneSecure  says  its  software  streamlines 
inspecting  packets  for  telltale  intrusion 
signatures,  which  are  the  patterns  in  traf¬ 
fic  that  indicate  the  packet  might  be  mali¬ 
cious.  Some  intrusion-detection  systems 
look  for  signatures  in  all  packets,  regard¬ 
less  of  whether  these  packets  might 
cause  harm. 

OneSecure  says  Sendmail  Wiz  Attacks 
that  flood  Simple  Mail  Transfer  Protocol 
(SMTP)  servers  have  their  own  signatures 
that  can  be  identified  by  parsing  every 
packet.  But  to  avoid  harm,  only  the  con¬ 
trol-session  packets  of  the  connections 
need  to  be  analyzed  and,  if  the  signature  is 
found,  blocked. 

Pricing  will  be  set  when  the  new  boxes 
are  announced. 

NetScreen:  www.netscreen.com 


ForcelO 

continued  from  page  17 


largest  distributed  supercomputer.  The 
cluster  of  two  El 200s  in  San  Diego  connect 
to  Juniper  routers  via  10G  Ethernet.  The 
Juniper  routers  then  connect  the  SDSC  site 
to  four  other  sites  on  the  Teragrid. 

“There  is  no  other  manufacturer  at  the 
moment  who  has  combined  this  kind  of 
performance  and  capacity  says  Walsh, 
adding  that  he  has  tested  10G  Ethernet 
switches  from  other  vendors. 

In  terms  of  total  capacity  and  density 
high-end  boxes  from  Cisco  and  Extreme 
max  out  at  around  256G  bit/sec  of  back¬ 
plane,  and  have  a  maximum  of  192  Gigabit 
Ethernet  ports.  Foundry’s  Biglron  has  a 
480G  bit/sec  backplane  and  supports  120 
Gigabit  Ethernet  ports.  All  three  vendors 
also  offer  10G  Ethernet  modules. 

Where  ForcelO  falls  a  bit  short  is  in  areas 
such  as  lOOOBase-T  ports  —  copper 
Gigabit  modules  are  due  out  next  year  — 
and  with  higher-layer  switching,  such  as 
Layer  4  load  balancing  or  Layer  7  Web 
switching.  (Extreme,  Foundry  and  Cisco 
offer  these  features  through  hardware  and 
software  upgrades.) 

ForcelO  switches  will  cost  about  $2,200 
per  Gigabit  Ethernet  port,  and  about 
$55,000  per  10G  Ethernet  port.  The  com¬ 
pany  says  a  base  configuration  for  its 
E600  is  about  $50,000,  compared  with  a 
similarly  configured  Cisco  Catalyst  6509, 
which  costs  about  $75,000. 

ForcelO’s  E1200,  E600  and  modules  are 
available  now. 

Force  1 0:  www.  force  1 0networks.com 
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Is  this  ForcelO  a  force  to 
be  reckoned  with? 
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NOT  MPOSS  BLE 


TradeForce™  Suite  by 
Financial  Fusion,  a 
subsidiary  of  Sybase, 
offers  the  most  complete 
solution  to  meet  the 
new  Straight  Through 
Processing  (STP) 
requirements  facing 
the  trading  industry.  It 
makes  the  very  difficult 
task  of  STP  simpler. 

This  is  just  one  of  the 
software  integration 
solutions  available 
today  from  Sybase. 

Leveraging  our  expertise 
in  database  technology 
and  powerful  new 
integration  tools,  Sybase 
can  help  integrate  all 
the  data  and  business 
applications  in  your 
enterprise. 

So  you  can  extract  the 
maximum  value  from 
not  only  your  current 
infrastructure,  but  also 
from  all  the  information 
that  resides  within  it. 

Visit  www.sybase.com/ 
integrationsolutions.  And 
discover  the  possibilities. 


i  Sybase 

Information  Anywhere' 


r  ^ 

The  Software 
Integration  Company. 

We  can  help  you  integrate 
all  the  data  and  business 
applications  in  your 
enterprise  and  extend 
them  to  any  location  in 
the  world.  So  you  can 
improve  efficiency  while 
preserving  your  existing 
infrastructure  investments. 
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Experio  is  a  global  IT  consultancy  and  unit  of  Hitachi  Ltd.  Elex*s«s.ssr- 
Shoreline  supports  the  company  with  an  integrated  IP 
voice  system  linking  800  users  and  18  Experio  offices  throughout  the  U.S. 


Annual  Costs 


Management 

$39,600 

$72,000 

$32,000 

$48,480 

$30,000 

$129,280 

$80,800  _ 

Long  Distance 

J1 51,000 

$121,700 

TCO  Per  Year 


$118,080  $352,280 


$234,200 


Total  Savings  Over  5  Years 


$1,678,200 


Per  Site  Aquisition  Costs 

Equipment  Network  Upgrades 
Installation  -  Hard  Costs 
Total  Per  Site  Aquisition  Costs 
Total  Aquisition  Costs  (XI 6) 


SHORELINE 

$30,000 

$0 

$30,000 

$480,000 


LEGACY  PBX 

$60,000 
$1,700 

$61,700 
$987,200 


$31,700 

$507,200 


NET  SAVINGS 

$30,000 

$1,700 


Shoreline’s 
IP  Phone 


Your  existing  phone  system  is  costing  you  more  money 

than  you  think.  To  learn  how  a  Shoreline  IP  Voice  System  can  drastically 

reduce  your  company  phone  expenses  while  adding  more  features  and  solid 


reliability,  call  1-877-80SHORE  or  visit:  http://savings.goshoreline.com 


“ Shoreline  reduced  our  system  acquisition  and 
installation  costs  by  more  than  $500K,  and 
helped  us  reduce  our  ongoing  voice  network 
expenses  by  more  than  $200K  per  year.” 

Michael  Shisko,  IT  Director,  Experio  Solutions 


Robust  IP  Phone  Systems 
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■Takes 


■  PeopleSoft  announced  a  partner¬ 
ship  with  IBM  last  week  to  offer  pre¬ 
configured  servers  running  IBM's 
DB2  database  and  middleware  prod¬ 
ucts  and  business  software  from 
PeopleSoft. 

PeopleSoft  said  it  will  begin  offer¬ 
ing  its  Accelerated  Solutions  soft 
ware  packages  on  IBM's  eServer  line 
to  customers  in  the  U.S.  and  six 
other  countries.  The  packages  are 
fixed-price  offerings  that  include 
PeopleSoft's  Internet  applications, 
technical  training  and  implementa¬ 
tion  services.  Until  now  they  were 
not  available  overseas.  The  package 
will  be  aimed  at  businesses  that  gen¬ 
erate  up  to  $300  million  in  annual  rev¬ 
enue.  PeopleSoft  currently  offers  10 
Accelerated  Solutions,  each  aimed 
at  various  industry  segments  and 
based  on  different  PeopleSoft  prod¬ 
ucts.  The  packages  come  with  unlim¬ 
ited  user  licenses  and  are  designed 
to  run  on  Unix  or  Windows  NT.  IBM 
Global  Services  also  will  take  part  in 
the  partnership,  promoting  People¬ 
Soft's  Accelerated  Solution  for  CRM 
to  its  customers,  www.peoplesoft 
.com;  www.ibm.com 

■  Network  Associates  announced 
last  week  it  has  agreed  to  purchase 
Traxess,  a  company  that  develops 
software  that  lets  businesses  moni¬ 
tor  and  store  data  about  their  em¬ 
ployees'  Internet  activity. 

Traxess,  based  in  Lindon,  Utah, 
developed  DragNet,  which  lets 
network  administrators  or  other  IT 
staff  access  a  copy  of  Internet  traf¬ 
fic  across  their  corporate  networks 
on  storage  subsystems  created  by 
Traxess.  Users  can  re-create  files 
sent  through  the  network,  read 
e-mail  or  view  Web  files  that  employ¬ 
ees  access.  Network  Associates  did 
not  disclose  financial  terms  of  the 
purchase. 

The  company  will  integrate  the 
DragNet  software  into  products 
from  its  Sniffer  Technologies  division, 
which  makes  network  analysis  soft¬ 
ware,  by  the  second  quarter  of  2003, 
it  says,  www.nac.com 


Lessons  from  Leading 


Web  service 


takes  college  to  school 


■  BY  ANN  BEDNARZ 

Among  3,654  freshmen  entering 
University  of  California,  Berkeley  this 
fall,  60%  submitted  a  required  form 
stating  their  intent  to  register,  and 
paid  the  associated  fee  by  credit 
card  via  the  Web  —  a  first  for  UC 
Berkeley  freshman,  who  in  past 
semesters  couldn’t  pay  the  fee 
online. 

This  undergraduate  admissions 
transaction  is  among  the  latest  that 
UC  Berkeley  is  automating  through 
its  new  central  credit  card  process¬ 
ing  system  for  campus  e-businesses. 
The  system  is  part  of  a  “paperless 
payment  processing”  initiative  being 
executed  by  UC  Berkeleys  Infor¬ 
mation  Systems  and  Technology 
department. The  goal  is  to  give  scat¬ 
tered  university  departments  a  se¬ 
cure  method  of  processing  credit 
card  transactions  over  the  Internet, 
reducing  paperwork  and  manual 
transaction  handling. 

See  Berkeley,  page  22 


E-business  assistance 


CyberSource  handles  the  communication  among  banks,  credit 
card  companies  and  financial  processing  parties,  so  UC  Berkeley 
doesn’t  have  to. 


Purchaser  places  an 
order  on  a  department 
Web  site. 


Department  e-commerce 
software  passes  the 
order  to  Berkeley's 
central  cashier’s  hub. 


CyberSource  collects  order 
information  and  routes  the 
transaction  through  its 
payment  gateway  to  financial 
processing  firms. 


Berkeley  cashier  s  hub 


Department 
Web  sites  for 
transactions 


ERP  system 
UC  Berkeley  LAN 


CyberSource  returns  transaction  details  to  the 
Berkeley  hub  and  updates  financial  systems. 


financial 
processing  firms 


Tool  eases  Active  Directory  mgmt. 


■  BY  JOHN  FONTANA 

Javelina  Software  this  week  will  release 
a  tool  kit  that  will  help  network  profes¬ 
sionals  streamline  and  automate  adminis¬ 
tration  of  Microsoft’s  Active  Directory'. 

The  company’s  ADvantage  tool  kit  is 
client  software  that  lets  users  perform 
what  amounts  to  batch  processing  and 
eliminates  the  need  to  perform  manual 
repetitive  tasks  or  create  customized 
scripts  for  procedures  such  as  mass  im¬ 
ports  of  users  or  resetting  passwords. 

The  software  also  features  a  search-and- 
replace  tool  that  allows  for  bulk  changes 
to  be  made  such  as  a  ZIP  code  change 
that  affects  users’  addresses  stored  in  the 
directory 

The  set  of  1 1  ADvantage  tools  also  can 
be  grouped  into  customized  subsets  with 


controlled  access  only  to  certain  features 
and  assigned  to  select  administrators. 

ADvantage  also  has  a  reporting  capa¬ 
bility  that  lets  users  extract  information 
from  the  directory,  such  as  all  accounts 


More  online! 


Get  the  lowdown  on  the  stand-alone  version 
of  Active  Directory. 

DocFinder.  2036 


that  soon  will  expire.  Those  reports  can 
be  imported  into  other  ADvantage  tools 
and  used  to  launch  bulk  modifications 
of  the  directory. 

“Trying  to  get  reports  out  of  Active 
Directory  is  like  trying  to  pull  teeth.  You 
have  to  create  scripts,"  says  Michael  Hart, 
senior  solutions  provider  for  Conteks,  a 
systems  integrator  in  Lexington,  Ky.  “With 
ADvantage  we  can  put  on  a  filter  to  create 
reports  on  anything  from  organizational 
units  to  the  entire  directory.” 

Hart  says  he  also  uses  the  software  to 
add  users  in  bulk  to  the  directory  espe¬ 
cially  after  a  merger. 

“In  one  instance  we  used  ADvantage  to 
add  3,800  users  as  part  of  a  mass  import 
and  were  able  to  create  200  to  300 
accounts  per  minute,”  Hart  says. 

See  Active  Directory,  page  22 
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Internet  telephony  is  beginning  to  take 
off.  It  might  be  on  a  sometimes-imper- 
ceptible  angle  of  ascent,  but  things  are 
happening. 

Hundreds  of  large  companies  are  ex¬ 
perimenting  with  Ethernet-based  phones 
and  voice-over-IP  (VoIP)  systems.  A  num¬ 
ber  of  companies  —  including  Cisco, in  a 
demonstration  of  eating  its  own  dog  food 
—  have  gone  “whole  hog"  for  the  new 
technology. 

At  the  same  time,  millions  of  people  are 
making  phone  calls  over  the  Internet  to 
reduce  the  cost  of  long-distance,  and 
sometimes,  local  phone  service.  Two  mil¬ 
lion  of  these  people  are  in  Japan  alone  — 


Are  numbers  prime? 


1.7  million  using  Fusion  Communications 
and  another  300,000  using  the  new  VoIP 
service  from  Softbank’s  Yahoo  broadband 
Internet. 

But  almost  all  these  users  share  a  com¬ 
mon  problem  —  they  use  phone  num¬ 
bers,  even  though  such  numbers  are  use¬ 
less  on  the  Internet. 

There  are  two  problems  with  using 
phone  numbers  for  IP  telephony  The  first 
is  that  phone  numbers  have  to  come  from 
some  place.  Because  they  were  devel¬ 
oped  to  identify  telephone  lines  in  the 
phone  system,  they  are  provided  as  an 
integral  part  of  a  phone  service,  and  the 
numbers  can  be  changed  at  the  whim  of 
the  phone  companies. 

Because  they  only  come  with  phone 
services,  you  currently  need  to  have  a 
phone  service  to  have  a  number  even  if 
you  want  to  use  only  the  number  and 
not  the  service.  (Part  of  the  Yahoo  ser¬ 
vice  fee  is  $13  per  month  paid  to  the 
phone  company  for  a  phone  line  just  to 


get  the  number). 

To  add  to  the  fun,  phone  numbers  do 
not  belong  to  the  user.  In  the  U.S.,  phone 
numbers  cannot  be  sold,  and  if  you  move 
to  another  state  you  cannot  take  your 
phone  number  with  you.  At  great  cost  to 
all  phone  users,  you  now  sometimes  can 
keep  the  same  number  when  switching 
between  phone  companies  in  the  same 
location. 

The  second  problem  with  phone  num¬ 
bers  is  the  more  important  one  —  with 
these  numbers  you  are  dehumanized  and 
turned  into  a  number.  Some  companies 
see  a  business  opportunity  in  this  dehu¬ 
manization,  but  I  hope  they’re  wrong. 

The  IETF’s  Enum  working  group 
(www.ietf.org/html.charters/enum-char 
ter.html)  has  developed  a  way  to  turn  a 
phone  number  into  one  or  more  domain 
name-based  pointers  that  can  be  used  to 
point  to  Internet  services  such  as  VoIP 
phones,  IP-based  voice  mail  boxes,  e-mail 
addresses  and  Web  pages.This  technology 
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is  part  of  an  important  transition  strategy 
but  should  not  be  an  end  goal. 

As  more  of  our  interactions  take  place 
over  the  Internet,  including  calls  made  on 
next-generation  cell  phones,  it  is  an  ideal 
time  to  migrate  from  numbers  to  human- 
friendly  name-based  systems.  E-mail  ad¬ 
dresses  and  Web  page  URLs  prove  that 
this  can  work.  These  names  can  be  map¬ 
ped  into  whatever  addressing  scheme  is 
needed  to  get  to  the  phone  itself,  but  the 
user  should  never  have  to  use  a  phone 
number. 

I  guess  I’m  just  not  a  number  kind  of  guy. 

Disclaimer:  Although  the  name  “Harvard 
University"  works  better  in  the  market¬ 
place  than  the  number  “161 74951 000,”  the 
university  did  not  express  an  opinion  on 
the  idea  of  converting  to  numeric  identi¬ 
ties.  I  did. 

Bradner  is  a  consultant  with  Harvard 
University's  University  information  Systems. 
He  can  be  reached  at  sob@sobco.com. 


Berkeley 

continued  from  page  21' 

So  far  a  handful  of  departments 
are  up  and  running  with  paper¬ 
less  credit  card  processing. 
Thousands  of  university  appli¬ 
cants,  students  and  alumni  have 
purchased  goods  and  paid  fees 
online.  Several  more  projects  are 
in  the  works,  says  Gary  Thack¬ 
eray,  manager  of  departmental 
technology  solutions. 

The  paperless  system  depends 
on  a  service  from  CyberSource 
to  process  the  transactions  elec¬ 
tronically.  CyberSource  operates 
behind  the  scenes  to  authorize 
and  settle  electronic  payments 
through  built-in  connections 
with  third-party  processors  and 
merchant  banks. 

The  vendor  handles  multiple 
credit  card  types  —  including 
bank  cards,  private-label  cards, 
debit  cards  and  procurement 
cards  —  along  with  multiple  cur¬ 
rencies.  Companies  deploy  the 
software  in-house  or  use  Cyber- 
Source’s  hosted  services.  UC 
Berkeley  chose  the  latter. 

Before  CyberSource,  there  was 
no  standard  way  for  departments 
to  process  credit  card  payments 
online,  Thackeray  says.  A  few 
departments  had  tackled  credit 
card  processing  on  their  own, but 
most  didn’t  have  the  resources  to 
build  secure  systems,  he  says.“It’s 
very  costly  to  set  up  an  infra¬ 
structure  to  take  credit  cards,” 
Thackeray  says.  “So  we  kind  of 
shied  away  from  taking  credit 
cards  online." 

For  the  most  part,  when  people 
wanted  to  pay  the  university  by 
credit  card, they  could  by  phone, 


by  mail  or  in  person  —  options 
that  require  a  university  employ¬ 
ee  to  get  involved  and  manually 
swipe  or  enter  numbers  into  a 
credit  card  machine. 

Berkeley’s  paperless  processing 

A I  It’s  very  costly  to 
set  up  an  infrastruc¬ 
ture  to  take  credit 
cards.  So  we  kind  of 
shied  away  from  tak¬ 
ing  credit  cards 
online.  99 

Gary  Thackeray 

Manager  of  departmentmental 
technology  solutions,  Berkeley 

initiative  got  off  the  ground  last 
year  with  e-Giving,  an  online  sys¬ 
tem  for  accepting  fundraising 
donations.  The  Web  site  lets  any¬ 
one  with  a  Web  browser  give 
directly  to  the  campus  fund  of  his 
choice.  As  of  April,  the  e-Giving 
program  had  raised  more  than 
$360,000  and  handled  more  than 
1 ,200  online  transactions. 

University  Relations  was  the 
first  department  on  campus  to 
use  the  CyberSource  system, 
Thackeray  says.“Now  it’s  growing 
pretty  rapidlyf  he  says. 

Along  with  University  Rela¬ 
tions,  Graduate  Admissions  is 
using  CyberSource  to  let  pro¬ 
spective  graduate  students  pay 
their  application  fees  online 
using  a  credit  card  —  a  hefty 
chore  to  unload  considering 


the  graduate  division  processes 
about  20,000  applications  per 
year.  In  the  last  academic  year, 
Graduate  Admissions  handled 
3,274  payments  electronically, 
according  to  the  university 

The  university’s  retail  store  for 
computer  hardware  and  soft¬ 
ware,  called  The  Scholar’s  Work¬ 
station  also  accepts  online  credit 
card  purchases  from  students, 
faculty  and  staff.  Through  the 
Career  Services  department,  bus¬ 
inesses  that  participate  in  Ber¬ 
keley  career  fairs  can  register 
and  pay  the  fees  online. 

And  through  Parking  &  Trans¬ 
portation,  students  can  purchase 
parking  permits  online  with  a 
credit  card,  and  recipients  of 
parking  citations  can  pay  their 
tickets.  In  the  spring  2002  semes¬ 
ter,  695  student  parking  permits 
were  purchased  online.  In  its  first 
month  of  operation,  222  parking 
citations  were  paid  online. 

In  addition  to  these  services 
brought  online  during  the  past  12 
months,  Thackeray’s  group  is 
working  with  four  or  five  other 
departments  to  help  add  credit 
card  processing  to  their  Web  sites, 
he  says. 

The  way  the  system  works  is  that 
a  purchaser  places  an  order  on  a 
department  Web  site,  which  pass¬ 
es  the  order  information  to  a  cen¬ 
tral  cashier’s  hub  that  Thackeray’s 
department  built.  This  hub  han¬ 
dles  all  outbound  and  inbound 
CyberSource  transactions. 

Berkeley  transfers  the  order 
information  to  CyberSource  over 
the  Internet,  and  CyberSource 
routes  the  transaction-authoriza¬ 
tion  request  through  its  payment 
gateway  to  financial  processing 


firms.The  transaction  is  routed  to 
the  purchaser’s  bank  to  request 
transaction  authorization.  The 
transaction  is  authorized  by  the 
purchaser’s  bank  or  credit  card 
company,  which  approves  the 
transfer  of  money  to  the  acquir¬ 
ing  bank,  which  credits  the  mer¬ 
chant’s  account. 

CyberSource  returns  the  trans¬ 
action  details  to  Berkeley’s  hub 
and  updates  its  financial  systems. 
The  CyberSource  system  is  linked 
to  Berkeley’s  financial  systems  on 
the  back  end, Thackeray  says. 

Paperless  payment  processing 
is  an  official  e-Berkeley  project. 
Conceived  by  university  Chan¬ 
cellor  Robert  Berdahl,  e-Berkeley 
is  an  ongoing  campus  initiative 
to  upgrade  and  expand  Web- 
based  services  and  transform  the 
way  the  university  operates. 

In  broad  terms,  e-Berkeley  is 
about  reducing  paperwork  by 


Active  Directory 

continued  from  page  22 

Hart  used  a  file  created  from  a 
list  of  users  imported  from 
PbopleSoft  and  loaded  it  into 
ADvantage  to  create  attributes 
such  as  user  identifications,  pass¬ 
words  and  display  names.  Pre¬ 
viously,  he  had  to  write  custom 
scripts  that  made  calls  to  the  Ac¬ 
tive  Directory  Services  Interface, a 
more  complicated  process  that 
only  let  him  create  100  to  150  ac¬ 
counts  per  minute. 

“We  got  double  the  perfor¬ 
mance  with  ADvantage,  and  it  in¬ 
sulates  you  from  having  to  do 
any  programming,"  Hart  says. 

lavelina  competes  with  similar 


putting  more  information  and 
transactions  online;  aggregating 
campus  services  and  functions 
into  easily  accessible  Web  sites; 
and  streamlining  access  to  course 
information. 

UC  Berkeley  selected  Cyber¬ 
Source  on  its  own.  Now  the  UC 
system  —  which  consists  of  nine 
campuses  and  more  than  183,000 
students  —  is  following  its  lead. 
Last  month,  UC  chose  Cyber¬ 
Source  as  its  preferred  vendor  for 
electronic  payment  processing. 
Because  CyberSource  charges 
per  transaction,  leveraging  the 
university’s  full  buying  power 
makes  sense, Thackeray  says. 

Universitywide  centralization  is 
not  necessarily  typical,  but  it’s 
desired, Thackeray  says.“It’s  a  goal 
that  a  lot  of  the  campuses  are  try¬ 
ing  to  do  because  of  the  cost  sav¬ 
ings  and  security  opportunities. 
We  try.”  ■ 


tools  from  Hyena  and  Quest 
Technologies. 

“This  is  an  easier  way  to  man¬ 
age  Active  Directory  than  using 
the  native  Users  and  Computers 
tools,”  says  Elena  Kennedy,  mar¬ 
keting  manager  for  Javelina.She 
says  ADvantage  also  provides 
tools  not  found  in  Active  Di¬ 
rectory,  such  as  search-and- 
replace. 

The  ADvantage  client  runs  on 
Windows  2000  and  XP  Pro¬ 
fessional  desktops  and  on  Win 
2000  servers. 

The  software  is  available  now, 
and  costs  $500  per  administra¬ 
tor  until  year-end.  After  Dec.  31, 
the  price  will  increase  to 
$1,000.  ■ 
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Quantum’s  latest  mid-range  tape  library  is  the  IT  manager’s 
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The  ATL  M2500  enables 
you  to  start  out  small  and 
expand  as  needed  —  up  to 
18  drives  and  up  to  300 


Enterprise-class  performance. 
Mid-range  price. 


UitbiuM  Quantum  delivers  the  highest 
LTO  density  in  its  class — in 
the  most  compact,  scalable  rack.  That  is  why 
the  ATL  M2500  is  such  an  effective  solution 
for  today’s  mid-  sized  company.  Hot-swappable 
tape  drives  and  fans. 

Fibre  channel  and  SCSI 
interfaces.  Practical  fault 
tolerance.  Remote  man¬ 
agement.  And  an  intuitive 
graphical  user  interface, 
all  add  up  to  an  exception¬ 
al  experience. 


cartridges.  But  it  doesn't  end  there.  Because 
the  ATL  M2500  not  only  grows  within  its 
own  breed,  it  extends  the  capacity  of  its  little 
brother,  the  ATL  Ml 500,  by  simply  adding  it 
to  the  stack.  Now  that’s  investment  protection. 


The  ATL  M2500  puts 
high  performance  in  your  lap. 


True  incremental 
scalability.  Nothing 
else  stacks  up. 


With  features  and  capa¬ 
bilities  that  speak  for 
themselves,  the  ATL 
M2500  is  simply  your 
best  choice  for  high  per¬ 
formance  automated 


tape  backup.  Plus,  friend¬ 
ly,  eager  support  from 
Quantum  and  our  partners 
is  something  you  can 
always  depend  on. 
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^Providers 

■  THE  INTERNET  ■  EXTRANETS  ■  INTEREXCHANGE  AND  LOCAL  CARRIERS 

■  WIRELESS  ■  REGULATORY  AFFAIRS 


■  ^internetworking  last  week 
announced  it  is  expanding  its  perfor¬ 
mance-based  service-level  agree¬ 
ments  to  cover  its  PeopleSoft  ERP 
applications  such  as  human  re¬ 
sources  and  financial  management. 
The  application  service  provider 
already  offers  such  SLAs  for  its 
hosted  Microsoft  Exchange  applica¬ 
tion.  USi  crafts  the  SLAs  according 
to  customer  need.  It  then  monitors 
and  reports  on  the  performance  of 
application  transactions  and  pro¬ 
cesses  such  as  user  sign-on,  con¬ 
tent  searches  and  saves,  and  batch 
processing.  Performance  results  are 
accessible  via  USi's  USiView  client 
portal.  If  USi  fails  to  meet  applica¬ 
tion  performance  levels  specified  in 
the  SLA,  the  client  receives  a  ser¬ 
vice  credit  or  money  back  on  its 
monthly  bill. 

■  CVS  has  begun  using  an  IP  VPN 
from  AT&T  designed  to  improve  the 
pharmacy  chain's  customer  service 
capabilities  and  let  it  recover  more 
quickly  in  the  case  of  a  disaster.  The 
Woonsocket,  R.I.,  company  recently 
signed  a  multimillion  dollar  contract 
to  upgrade  its  AT &T  managed  net¬ 
work  service  with  an  IP-enabled 
frame  relay  service.  The  first  phase 
of  the  project,  scheduled  for  comple¬ 
tion  in  November,  will  convert  CVS's 
network  infrastructure  to  boost  net¬ 
work  efficiency  and  security,  and 
enable  disaster-recovery  capabilities. 
Next,  CVS  will  focus  on  adding  new 
applications  to  the  network. 

■  Sprint  last  week  said  it  is  extend¬ 
ing  its  SprintLink  IP  network  to  the 
capitals  of  Chile  and  Venezuela  to 
give  businesses  in  the  two  cities  a 
variety  of  Internet- based  telecom 
services.  Sprint  will  offer  local  and 
multinational  businesses  operating  in 
Santiago  and  Caracas  dedicated 
Internet  access,  IP  VPNs,  customer 
premises  routers,  managed  network 
services  and  security  services.  These 
are  the  first  two  cities  the  SprintLink 
IP  network  will  reach  in  Latin  Amer¬ 
ica.  Buenos  Aires,  Argentina,  and 
Bogota,  Colombia  are  next. 


Wireless  carrier  market 
prime  for  consolidation 

Observers  say  mergers  could  result  in  better  coverage  for  customers. 


■  BY  JENNIFER  MEARS 

With  the  economy  dragging  and  the  fed¬ 
eral  government  preparing  to  lift  spec¬ 
trum  caps,  wireless  carriers  are  doing  a 
dating  dance  that  could  lead  to  a  market 
consolidation  that  analysts  have  been 
expecting  for  some  time. 

The  thought  is  that  the 
six  national  carriers  oper¬ 
ating  today  —  Cingular, 

AT&T  Wireless,  Nextel, 

Sprint  PCS,  Verizon  and 
VoiceStream  —  will  be 
boiled  down  to  four  or  five 
big  players.  Industry 
watchers  say  consolidation  will  have  little 
effect  on  business  customers’ contracts,  but 
expect  it  will  result  in  broader  coverage 
and  better  services  as  carriers  combine 
resources. 

“Enterprise  customers  should  expect 
change.  But  1  don’t  think  consolidation  is 
going  to  be  a  price  story  It  will  be  a  quality 
and  capacity  story’ says  Jeff  Kagan, an  inde¬ 


pendent  telecom  industry  analyst  based  in 
Atlanta.“It  will  be  about  companies  getting 
healthier  and  being  able  to  provide  more 
applications  because  they  have  more  spec¬ 
trum  and  more  bandwidth.  It’s  about  an 
industry  that’s  maturing.” 

Rumors  about  consolidation  have  been 
swirling  this  summer,  with 
talk  initially  centered  on  a 
possible  acquisition  of 
VoiceStream  by  AT&T 
Wireless.  Today  Voice- 
Stream,  the  U.S.  wireless 
subsidiary  of  Deutsche 
Telekom  that  is  being  tran¬ 
sitioned  to  the  T-Mobile 
name,  is  reported  to  be  in  preliminary 
merger  talks  with  Cingular,  which  already 
uses  VoiceStream  infrastructure  to  provide 
services  in  New  York. 

Talks  are  at  a  very  early  stage,  but  ana¬ 
lysts  say  they  wouldn’t  be  surprised  to  see 
deals  coming  to  fruition  shortly  after  the 
first  of  the  year,  when  the  Federal 
Communications  Commission  is  slated  to 


lift  its  spectrum  limitations.  Until  then,  any 
merger  between  the  leading  carriers 
would  result  in  capacity  that  violated 
those  caps. 

“Since  the  mid-’90s,  wireless  has  been  the 
poster  child  for  competition.There  was  just 
so  much  growth,  and  so  many  competitors 
and  regulators  pointed  to  it  as  this  perfect 
model,"  Kagan  says.  “But  there  can  be  too 
much  of  a  good  thing.  At  this  point  we  have 
too  many  competitors.. . .  They’re  slicing  up 
the  pie  too  thin.” 

Struggle  for  profits 

While  the  number  of  wireless  sub¬ 
scribers  continues  to  grow  —  albeit  more 
slowly  than  in  the  past  —  carriers  are  find¬ 
ing  it  harder  to  turn  profits.  The  carriers 
are  challenged  because  increased  com¬ 
petition  has  resulted  in  price  wars  that 
have  led  to  services  such  as  long¬ 
distance  and  roaming  being  bundled  into 
plans  for  free.  In  addition,  the  carriers  all 
are  focused  on  the  costly  task  of  building 
See  Wireless,  page  26 


SBC  service  to  help  prioritize  apps 


■  BY  MICHAEL  MARTIN 

SAN  ANTONIO,  TEXAS  —  SBC  Com¬ 
munications  last  week  unveiled  a  service 
designed  to  help  customers  ensure  their  most 
important  applications  are  given  priority  when 
traveling  across  a  WAN. 

Called  Application  Performance  Man¬ 
agement,  the  offering  is  one  of  the  first 
managed  services  to  follow  traffic  at  the 
application  layer,  says  Michael  Harris,  an 
analyst  with  Gartner. 

The  biggest  hurdle  SBC  likely  will  have 
to  overcome  in  selling  the  service  is  stick¬ 
er  shock,  Harris  says.  For  a  customer  with 
a  T-l,  the  service  costs  approximately 
$4,000  per  site  for  equipment  and  a  con¬ 
sultation,  and  then  about  $500  per  month, 
per  site. 

“Customers  will  have  to  make  the  choice 
between  doing  this  kind  of  traffic  shaping 
or  just  throwing  more  bandwidth  at  their 


problems,”  Harris  says. 

For  users  who  have  slight  bursts  above 
their  normal  bandwidth  consumption,  traf¬ 
fic  shaping  likely  wouldn’t  be  worthwhile, 
observers  say  But  for  customers  who  expe¬ 
rience  big  bursts,  such  as  financial  institu¬ 
tions  doing  large  backups  regularly,  SBC’s 
service  might  be  a  fit. 

The  service  uses  equipment  from  Sitara 
Networks  that  sits  between  a  customer’s 
LAN  switch  and  WAN  router. 

Once  SBC  sets  up  the  Sitara  equipment, 
the  carrier  will  monitor  the  customer’s 
traffic  flow  for  two  to  four  weeks. Then  an 
SBC  analyst  will  work  with  a  customer  to 
place  its  applications  into  one  of  three  cat¬ 
egories  —  business-critical,  business- 
important  and  best-effort. 

SBC  will  go  over  the  customer’s  network 
traffic  monthly  and  make  any  necessary 
adjustments.  Customers  can  view  their 
application  traffic  at  any  time  through  a 


Managing  nicely 

According  to  research  firm  Ovum, 
the  worldwide  managed  service 
provider  market  will  grow  from 

about  $2.5  billion 

in  2001  to  about 

$15  billion  by  2006. 


secure, Web-based  portal. 

In  addition  to  its  traffic-shaping  features, 
SBC’s  service  provides  local  caching  of 
frequently  accessed  Web  pages  at  a  cus¬ 
tomer  site  to  reduce  WAN  traffic. 

The  service  works  with  any  type  of  WAN 
connection  and  is  interoperable  with 
Multi-protocol  Label  Switching,  automati¬ 
cally  mapping  applications  into  an  MPLS 
scheme. 

SBC:  www.sbc.com 
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Anything  can  happen  to  your  infrastructure. 
Make  sure  it’s  secure.  The  evolution  of  the  Internet 
has  led  to  increased  security  vulnerabilities.  In  this  challenging 

environment,  where _ can  happen  at  any  moment, 

Microsoft  understands  that  you  need  to  keep  your  infrastructure 
prepared  for  anything  and  everything  by  getting  it  secure 
and  keeping  it  secure.  Here’s  what  we're  doing: 


Securityfortoday:  Microsoft  provides  automated  security 
tools  and  updates:  immediate  free  support  for  virus-related 
incidents:  free  prescriptive  guidance:  and  the  resources  of 
the  Microsoft  Security  Response  Center,  available  seven 
days  a  week  to  keep  your  Microsoft  products  secure. 


Better  partnerships:  The  Microsoft  Gold  Certified  Partner 
Program  for  Security  Solutions  locates  the  best  providers  of 
security  solutions  for  your  IT  environment,  so  you  get  robust, 
secure  implementations  of  Microsoft  technologies. 


Security  for  the  future:  More  than  8,000  engineers  are 
designing  Microsoft  products  for  maximum  security  by 
performing  exhaustive  reviews,  developing  new  threat 
models  to  help  counter  risks,  and  delivering  products  with 
more-secure  default  policies. 


For  resource  kits,  webcasts,  and  other  information  that 
can  help  you  get  your  network  infrastructure  secure 
enough  to  handle _ ,  or  even  a 

_ _ visit  microsoft.com/enterprise/security 

Software  for  the  Agile  Business. 


‘Unisys  security  services ,  partnered  with  Microsoft  products 
and  solutions,  provide  our  customers  with  highly  secure  and 
cost-effective  mission-critical  solutions." 

.*>•5?  -Sunil  Misra,  Managing  Principal , 

Worldwide  Security  Practice,  Unisys 
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EYE  ON  THE 
CARRIERS 

Johna  Till 
Johnson 


Let’s  take  a  look  at  one  of  the  hottest  yet 
least-heralded  trends  in  enterprise 
networking  lately:  videoconferencing. 
Virtually  all  my  large  enterprise  cus¬ 
tomers  are  reviewing  their  videoconfer¬ 
encing  strategies  for  two  main  reasons: 
travel  cost  and  technology  innovation. 

As  the  economy  slowed  last  summer, 
most  companies  cut  their  travel  budgets  by 
25%  or  more.  After  Sept.  1 1 ,  many  compa¬ 
nies  instituted  an  outright  travel  freeze. 

“We  had  cut  our  travel  budget  by  50% 
even  prior  to  9/11,"  says  the  head  of  tele¬ 
communications  at  one  large  company 
“Now  we  basically  don’t  travel.”With  the  air¬ 
lines  in  convulsions  and  the  economy 
remaining  flat,  it’s  not  likely  the  situation 
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Video  over  IP:  The  time  is  (sort  of)  nigh 


will  improve  any  time  soon. 

As  for  technology  innovation,  the  video- 
conferencing  market  clearly  is  at  an 
inflection  point.  Back  in  the  mid-nineties, 
the  big  news  was  that  advanced  com¬ 
pression  algorithms  could  reduce  band¬ 
width  requirements  for  video  to  (gasp!) 
T-l  speeds  and  below. These  products  still 
required  dedicated  networks  (leased 
line  or  ISDN),  but  for  the  first  time,  your 
average  big  company  could  deploy 
videoconferencing. 

That  was  then.  Now  the  first-generation 
companies  that  pioneered  these  ad¬ 
vances  have  been  swallowed  up  by  oth¬ 
ers:  VTEL  purchased  Compression  Labs  in 
1997,  and  PictureTel  became  part  of 
Fblycom  last  October. 

The  story  today  is  integration  with  IP 
Companies  such  as  VTEL,  Polycom  and 
WireOne  offer  both  products  and  ser¬ 
vices  enabling  video  over  IPFor  instance, 
last  spring  Cisco  introduced  the  IP/VC 
3540  multipoint  control  unit  as  part  of  its 
Architecture  for  Voice  Video  and 


Integrated  Data. 

Moreover,  as  noted  in  some  of  my  previ¬ 
ous  columns,  many  businesses  are  justify¬ 
ing  the  rollout  of  IP  VPN  services  by  con¬ 
solidating  their  video  and  data  networks. 

Does  this  mean  the  advent  of  ubiquitous 
video  over  IP  is  nigh?  Sort  of.  Most  compa¬ 
nies  still  are  hammering  out  functionality 
issues  with  their  installed  (conventional) 
equipment  base.  Says  one  video  manager, 
“The  perception  is  that  our  videoconfer¬ 
encing  services  are  broken.” 

The  main  concern  is  ease  of  use.  Despite 
decades  of  technology  innovation,  most 
videoconferencing  systems  remain  coun¬ 
terintuitive  and  difficult  to  use  —  which 
translates  to  being  expensive  to  support, 
because  you  have  to  maintain  a  bank  of 
technicians  to  answer  simple  questions 
(“Where’s  the  ‘on’  button?”).  The  result: 
Rolling  out  a  global  videoconferencing  ser¬ 
vice  still  requires  far  too  much  engineering 
—  particularly  of  the  human  kind. 

So  what’s  a  network  executive  to  do? 
First,  if  you  haven’t  looked  into  upgrading 


your  videoconferencing  services  and  sys¬ 
tems,  you  might  want  to  start.  Technology 
has  come  a  long  way  in  the  past  year  or 
two,  and  there  are  options  you  might  not 
have  considered  the  last  time  you  looked. 

Second, get  a  clear  understanding  of  how 
it’s  going  to  be  used  and  by  whom.  En¬ 
gineers  and  developers  naturally  will  have 
a  higher  tolerance  for  complex  user  inter¬ 
faces  and  spotty  performance  than  senior 
executives,  who  require  straightforward 
instructions  and  crystal-clear  quality. 
(Didn’t  I  put  that  politely?) 

Finally  if  you  aren’t  seeing  the  ease  of 
use  and  functionality  you  need  from  your 
vendors,  push  back.  Any  company  who 
wants  to  play  in  this  space  needs  to  make 
its  products  and  services  easy  and  conve¬ 
nient  to  use. 

Johnson  is  senior  vice  president  and 
CTO  for  Greenwich  Technology  Partners,  a 
network  consulting  and  engineering  firm. 
She  can  be  reached  at  johna@green 
wichtech.com. 


Wireless 

continued  from  page  23 

out  their  networks  to  support 
next-generation  services.  The 
hope  is  that  new  services,  such  as 
data  transmission,  will  provide  the 
additional  revenues  the  carriers 
need, but  adoption  has  been  slow. 

In  the  meantime,  wireless  com¬ 
panies  have  seen  their  stock 
prices  plummet  along  with  the 
rest  of  the  telecom  sector,  and  that 
is  helping  to  spur  a  move  toward 
consolidation. 

Deutsche  Telekom  has  con¬ 
firmed  that  it  is  considering  a 
sale  of  VoiceStream,  which  it 
acquired  last  year  in  a  cash/stock 
deal  initially  valued  at  about  $50 
million.  Today,  the  German  tele¬ 
com  company  reportedly  is  con¬ 
sidering  off-loading  VoiceStream 
to  help  raise  some  $6.9  billion  it 
needs  to  meet  its  debt  targets. 
Analysts  say  VoiceStream  would 

II ...  The  question  is 
who's  going  to  buy 
whom  and  for  how 
much.  II 

Andrew  Seybold 

Wireless  industry  analyst, 

Andrew  Seybold  Group 

fetch  only  between  $10  million 
and  $15  million. 

“It’s  one  of  the  strongest  exam¬ 
ples  of  buying  high  and  selling 
low,"  says  David  Chamberlain, 
research  director  for  wireless 
Internet  services  and  networks  at 


The  wireless  scene 

While  the  number  of  wireless 
subscribers  is  expected  to  boom 
over  the  next  few  years . . . 


2001  2006  2001  2006 


■  Overall  subscribers 

■  Business  subscribers 


. . .  many  major  carriers  are 
struggling  to  turn  a  profit . . . 

Operating  income/het  losses  for  the  first  six  months  of  2002: 
SUB 


S3.9B 

■  Verizon  ■  AT&T  Wireless  ■  Nextel 

■  Cingular  ■  Sprint  PCS  ■  VoiceStream 


. . .  leading  to  rampant  speculation  that  carriers 
will  form  mergers  to  combine  resources,  cut 
expenses  and  gain  market  share. 


VoiceStream 

5% 


Based  on  revenue  at  the  end  of  2001.  Total  market  is  $72.9  billion, 
including  service,  equipment  and  other  related  revenue. 

SOURCE:  IOC  ANO  COMPANY  REPORTS 


Probe  Research.”Overall,  weak¬ 
ness  in  the  market  is  driving  peo¬ 
ple  to  look  [for  merger  or  acquisi¬ 
tion  opportunities] .” 

Analysts  say  VoiceStream,  AT&T 
Wireless  and  Cingular  are  the 
three  wireless  carriers  most  likely 
to  be  in  play  at  this  point  because 
of  their  focus  on  GSM  and 
General  Packet  Radio  Service 
(GPRS). 

“AT&T  and  Cingular  don’t  have 
enough  spectrum  for  the  tech¬ 
nology  they’re  using,”  says  wire¬ 
less  industry  analyst  Andrew 
Seybold,  of  Andrew  Seybold 
Group. 

“Now  that  the  federal  govern¬ 
ment  has  said  there  will  be  more 
spectrum  available  in  2008, 
they're  realizing  the  only  way 
they’re  going  to  be  able  to  get 
enough  spectrum  is  to  acquire 
somebody  or  merge  with  some- 


bod/  Seybold  says. 

In  the  meantime,  carriers  are 
looking  for  ways  to  drive  down 
expansion  costs.  Partnerships 
have  formed.  Last  year,  Cingular 
and  VoiceStream  entered  into  a 
deal  in  which  they  share  infra¬ 
structure,  letting  Cingular  offer  ser¬ 
vices  in  New  York  City  and 
VoiceStream  to  provide  service  in 
California  and  Nevada.  In 
January  Cingular  announced  a 
joint  venture  with  AT&T  Wireless 
to  build  out  next-generation  net¬ 
work  coverage  along  3,000  miles 
of  interstate  highways  in  the  West 
and  Midwest. 

When  considering  consolida¬ 
tion,  several  issues  come  in  to 
play,  including  the  technology  the 
carriers  are  using.  As  the  carriers 
upgrade  their  networks,  they  are 
taking  different  routes. 

Verizon  and  Sprint  are  basing 


their  networks  on  new  Code 
Division  Multiple  Access  technol¬ 
ogy  called  lxRtt  (or  CDMA2000), 
which  today  has  average  speeds 
between  40K  and  60K  bit/sec  and 
can  support  bursts  up  to  144K 
bit/sec.  GPRS,  the  technology 
AT&T,  Cingular  and  VoiceStream 
are  using  to  upgrade  their  net¬ 
works,  supports  speeds  between 
20K  and  40K  bit/sec  with  bursts 
up  to  115K  bit/sec.  Meanwhile, 
Nextel’s  network  is  based  on 
iDEN,  a  digital  technology  Motor¬ 
ola  created  that  handles  speeds 
between  25K  and  30K  bit/sec, 
with  bursts  up  to  75K  bit/sec. 

Other  factors  that  will  affect 
mergers  are  where  carriers 
might  have  gaps  in  coverage 
and  how  a  merger  could  help 
fill  those  holes. 

“The  thing  to  remember  is 
everything  is  rumors  at  this 


point.  And  there  will  be  more 
and  more  rumors,” Seybold  says. 
“But  the  real  question  is 
whether  six  [national]  carriers 
can  survive.  That  indicates  that 
there  will  be  consolidation  in 
the  marketplace.  The  question  is 
who’s  going  to  buy  whom  and 
for  how  much.”  ■ 
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IP  CENTREX:  Extending  the  PBX. 


RBOCs  bringing  new  life  to  Centrex 


A  unifying  force 


Analog  or  digital 
phones 


■  BY  MICHAEL  MARTIN 

IP  Centrex  services  have  been  avail¬ 
able  through  competitive  service 
providers  for  more  than  a  year,  but 
with  the  regional  Bell  operating  compa¬ 
nies  now  set  to  launch  their  own  offer¬ 
ings,  the  technology  may  finally  come 
into  its  own. 

Like  regular  Centrex  services,  IP 
Centrex  off-loads  all  the  call  manage¬ 
ment,  moves,  adds  and  changes  from  the 
user  to  the  carrier.  Instead  of  maintain¬ 
ing  and  managing  a  PBX,  users  pay  a 
monthly  fee  to  their  carriers  for  a  service 
that  delivers  similar  functionality. 

But  IP  Centrex  —  which  will  soon  be 
available  from  BellSouth,  SBC  Com¬ 
munications  and  Verizon  —  boasts 
advantages  over  regular  Centrex.  For 
example,  IP  Centrex  customers  can  sim¬ 
plify  their  networks  by  running  voice 
and  data  over  their  LANs  and  a  common 
high-speed  WAN  connection,  whereas 
older  Centrex  services  were  restricted  to 
handling  voice  traffic  over  regular 
phone  lines. 

“[IP  Centrex]  could  take  a  small, but 
significant  portion  of  the  PBX  market,” 
says  Joe  Gagan, an  analyst  with  The 
Yankee  Group. 

There  are  two  markets  IP  Centrex  will 
appeal  to,Gagan  says.  One  is  organiza¬ 
tions  with  fewer  than  40  employees  and  a  need  for 
some  calling  features,  but  no  budget  to  maintain  a  PBX. 
Tire  other  is  organizations,  such  as  those  in  government 
and  education,  that  have  1,000-plus  end  users  but  don’t 
need  as  many  calling  features  as  some  large  companies. 

Centrex,  which  traditionally  has  appealed  to  small 
companies  with  limited  telephony  expertise,  accounts 
for  less  than  10%  of  the  overall  business  telecom  ser¬ 
vice  market.  A  typical  Centrex  service  costs  about  $30 
per  line,  per  month,  plus  a  small  fee  for  installation, 
whereas  a  PBX  costs  from  $500  to  $1,000  per  port 
upfront. 

There  are  several  reasons  for  traditional  Centrex’s 
lack  of  appeal:  Moves,  adds  and  changes  have 
required  calls  to  the  telecom  provider;  features  haven’t 
been  as  rich  as  those  in  a  PBX;  and  every  inbound 
voice  call  has  required  a  separate  line,  unless  a  com¬ 
pany  uses  a  more  expensive  ISDN  Centrex  service. 


Among  the  benefits  of  IP  Centrex 
is  that  it  can  let  customers  make 
moves,  adds  and  changes  through 
Web-based  portals  instead  of  having 
to  call  their  service  providers. 


Like  a  traditional  Centrex  service,  IP  Centrex  lets  a  customer  hand  off 
PBX  management  to  a  carrier,  which  then  would  handle  telephony 
functions  such  as  moves,  adds  and  changes.  Unlike  traditional  Centrex, 
the  IP  version  makes  it  so  that  customers  can  run  their  voice  and  data 
traffic  over  a  common  infrastructure. 


Analog  or  digital  phones  can  be  plugged  directly  into  a  gateway,  which 
translates  signals  into  digital  voice  and  packetizes  the  traffic. 


Customer  site 


Carrier  network 


IP  Centrex 
gateway 


Customer  site 
Customer  site 


fnnnnnnnJ^ 

Class  5  switch 


IP  phones  Router 


IP  phones  and  desktops  run  into  a  router,  which 
is  connected  to  the  IP  Centrex  gateway. 


All  voice  and  data  traffic  is  sent  over  one  high-speed  data  connection. 


IP  Centrex's  appeal 

Among  the  benefits  of  IP  Centrex  is  that  it  can  let 
customers  make  moves,  adds  and  changes  through 
Web-based  portals  instead  of  having  to  call  their  ser¬ 
vice  providers.  And  customers  don’t  need  to  worry 
about  whether  they  have  enough  individual  voice 
lines.  Instead,  they  just  need  to  be  concerned  with 
whether  the  one  broadband  data  connection  used  for 
both  voice  and  data  is  fat  enough. 

Another  advantage  of  IP  Centrex  is  that  it  lets  remote 
or  traveling  workers  stay  more  connected  to  the  office 
by  letting  them  keep  their  office  phone  numbers  and 
calling  features  with  them  at  home  or  on  the  road. 
Because  the  phone  number  and  calling  features  are 
tied  to  an  IP  address,  all  a  user  needs  is  a  connection 
back  to  the  corporate  LAN. This  feature  also  helps  with 
in-office  moves. 

“You  can  unplug  your  phone  on  the  LAN,  move  to 
another  office,  plug  it  in  and  it  will  recognize  your 
phone  number,”  says  Lou  Morales,  director  of 
Centrex  product  marketing  for  SBC,  which 
plans  to  launch  IP  Centrex  in  five  cities  later 
this  month  or  early  in  October.  A  broader  roll¬ 
out  is  scheduled  for  next  year. 

The  government  and  education  sectors  have 
been  most  interested  in  IP  Centrex,  says 
Melanie  Murphy,  executive  director  of  premises 
solutions  for  SBC. Those  sectors  are  also  SBC’s 
biggest  purchasers  of  traditional  Centrex. 

“Most  likely  it’s  because  they  have  to  work 
within  fixed  annual  budgets,  and  with  Centrex 


and  IP  Centrex  there  are  no  big  upfront 

costs,”  she  says. 

Because  IP  Centrex  is  a  fully  managed 
service,  the  customer  does  not  have  to 
purchase  any  special  equipment, 
Morales  says.  All  SBC  requires  for  IP 
Centrex  is  a  minimum  commitment  of 
15  lines,  a  100M  bit/sec  LAN  and  an 
assessment  of  the  customer’s  LAN  to 
ensure  it  can  handle  packetized  voice. 

The  key  IP  Centrex  technology  is 
housed  mainly  within  the  carrier  net¬ 
work  (see  graphic).  It  relies  on  either  a 
Class  5  switch  or  softswitch  at  the  cen¬ 
tral  office  to  provide  calling  features. 
Providers  using  Class  5  switches  sepa¬ 
rate  the  data  traffic  from  the  voice  using 
a  network  gateway  on  the  carrier  side 
and  a  customer  gateway,  or  IP  phones 
that  act  as  their  own  gateways,  at  the 
customer  premises. 

Providers  using  softswitches  also 
employ  network  gateways  at  the  cus¬ 
tomer  premises  but  rely  on  signaling 
gateways  in  the  central  office  to  send 
voice  traffic  to  the  public  switched  tele¬ 
phone  network. 

Crowded  market 

Among  the  other  carriers  giving  IP 
Centrex  a  shot  is  BellSouth,  which  has 
conducted  technical  trials  and  plans  to 
roll  out  services  later  this  year. 

Like  SBC,  BellSouth  will  target  accounts  with  1,000  or 
more  end  users.  Much  of  the  customer  interest  so  far 
has  come  from  companies  looking  to  give  teleworkers 
data  and  voice  service  with  advanced  calling  features 
over  one  broadband  connection,  a  company 
spokesman  says. 

Verizon  also  is  getting  set  to  launch  an  IP  Centrex 
service,  but  with  a  twist. The  carrier  will  make  the  ser¬ 
vice  available  out  of  region  in  Chicago,  a  market 
where  SBC  is  the  incumbent.  Unlike  BellSouth  and 
SBC,  Verizon  will  use  GoBeam  to  launch  a  Verizon- 
branded  service. 

Until  now,  GoBeam  probably  has  been  the  most  suc¬ 
cessful  IP  Centrex  service  company, Yankee’s  Gagan 
says. The  company  provides  service  directly  to  approx¬ 
imately  10,000  businesses  across  the  country  and 
through  a  wholesale  channel. 

One  reason  IP  Centrex  has  struggled  to  take  off,  Gagan 
says,  is  that  equipment  providers  first  tried  to  sell  their 
wares  to  competitive  providers.  When  many  of  those  car¬ 
riers  went  bankrupt,  the  equipment  companies  were  left 
with  almost  nothing  to  show  for  their  efforts. 

Another  reason  is  that  it’s  difficult  to  engineer  a  data 
network  to  provide  emergency  91 1  service,  integrate  it 
with  old  telephony  systems  and  provide  acceptable 
quality  of  service  for  voice. 

The  RBOCs  finally  are  getting  into  the  market,  Gagan 
says,  because  of  customer  pressure. 

“A  lot  of  customers  aren’t  happy  with  existing 
Centrex  services,  so  the  RBOCs  are  being  forced  to  do 
something,”  he  says  ■ 
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Winning  with  Linux8  and  Intel?  Online  diversified  financial  services  company  E*TRADE  Group,  Inc.,  has  just 
installed  90  IBM  (©server  xSeries™  servers  running  Linux  to  support  their  E*TRADE  Financial  Web  site. 
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All  numbers  and  results  reported  are  from  customer  sources.  This  customer  example  is  intended  as  an  illustration  only.  Costs  and  results  obtained  in  other  customer  environments  will  vary  depending,  among  other  things,  on  individual 
customer  configurations  and  conditions.  IBM.  the  e-business  logo,  e-business  is  the  game.  Play  to  win  and  xSeries  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation.  Linux  is  a  registered 
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Linux  ready  with  self-managing  features  for  every  e-business. 

Intel  -based  /  xSeries™ 

It’s  an  affordable  and  powerful 
combination  of  mainframe- 
inspired  reliability  and  smart 
systems  management  tools. 

UNIX5'/  pSeries™ 
Highly  available,  highly  affordable 
and  highly  coveted.  The  pSeries  is 
the  platform  of  choice  for  powerful 
UNIX  and  Linux  solutions. 


Midrange  /  iSeries™ 

Brings  easy-to-deploy,  plug  and 
play  e-business  to  your  business. 
Sophisticated  technology  that’s 
easy  to  manage  and  Linux  ready. 


Mainframe  /  zSeries™ 

Maximum  reliability,  maximum  power, 
maximum  flexibility.  Designed  for 
up  to  99.999%  uptime1  to  handle  the 
demands  of  today’s  e-businesses. 


Winning  through  performance,  weather.com  is  now  under  the  umbrella  of  IBM  (©server  xSeries.  By  installing 
IBM  Intel  processor-based  servers  running  Linux,  weather.com  dramatically  increased  their  ability  to  scale  and  is 
enjoying  even  faster  response  times.  For  a  guide  on  how  our  self-managing  features  can  benefit  your  business, 
visit  ibm.com/eserver/weather2  <©£*«,  «  * fe  j**. 
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Long-haul  carrier  gets  packets 

Infrastructure  saves  money  and  sets  stage  for  new  services. 


m  DSET  announced  a  new  version 
of  its  electronic  bonding  software 
for  service  providers  that  speeds 
the  ordering  of  services  between 
service  providers.  If  one  carrier 
needs  a  local  circuit  to  complete  a 
dedicated  line  to  a  customer,  the 
ezAccess  3.4  software  can  trans¬ 
mit  the  order  without  the  manual 
copying  of  requests  that  can  cre¬ 
ate  errors. 

This  latest  version  of  ezAccess 
supports  industry  standard  Access 
Services  Ordering  Guidelines  that 
were  issued  last  month. 

■  Semiconductor  maker  Voyan 
says  it  can  demonstrate  compo¬ 
nents  that  deliver  10M  bit/sec  to 
50M  bit/sec  on  copper  pairs  over 
distances  of  9,000  to  12,000  feet. 
This  is  a  significant  improvement 
over  DSL  technology  that  performs 
slightly  better  than  T-1  speeds  over 
those  distances.  DSL  can  deliver 
higher  bandwidth,  but  only  over 
short  stretches.  The  Voyan  technol¬ 
ogy  has  not  yet  been  put  in  com¬ 
mercial  products. 
www.voyan.com 

■  Hatteras  Networks,  which  is 
also  making  more  efficient  use  of 
existing  copper  access  lines  by 
running  Ethernet  over  them  at  up 
to  12,000  feet,  has  managed  to  get 
venture  capitalists  to  believe  in  its 
ideas.  The  company  has  received 
$45  million  from  Com  Ventures, 
Grotech  Capital  Group,  Bessemer 
Venture  Partners  and  Columbia 
Capital. 

■  Zhone  Technologies  has 

announced  upgrades  to  its  Sechtor 
300  access  gear  for  service  pro¬ 
vider  networks.  The  equipment, 
which  can  be  placed  in  remote  ter¬ 
minals  or  switching  offices,  now 
supports  automatic  remote  testing 
of  the  gear,  a  two-port  STS-1 
optical  card  and  aggregating  basic- 
^aie  interface  ISDN  lines  by  using 
:.  s;ng!e  control  channel  per 
♦our  payload  channels. 
www.zhone.com 


■  BY  TIM  GREENE 

BUTTE,  MONT.  —  The  long-distance  arm 
of  Touch  America  has  shifted  from  the  old 
way  of  supporting  voice  services  to  an  IP- 
based  platform  that  can  support  existing 
services  and  a  batch  of  new  ones  that  the 
legacy  technology  cannot. 

The  carrier  has  installed  packet  equip¬ 
ment  from  Bay  Packets  that  replaces  ser¬ 
vice  control  point  (SCP)  technology  it  had 
been  leasing  from  other  carriers  to  support 
advanced  circuit-switched  offerings  such 
as  toll-free  phone  services  and  virtual  pri¬ 
vate  voice. 

In  addition  to  installing  Bay  Packets’ 
Rapid  Service  Introduction  system,  the 
provider  has  moved  from  leased  Nortel  cir¬ 
cuit  switches  to  Sonus  softswitches,  says 
Mike  Clark, Touch  America’s  director  of  ser¬ 
vices  engineering.  Initially,  the  carrier 
leased  the  Nortel  gear  from  carriers  such  as 
Qwest,  whose  long-distance  customer  base 
it  bought  two  years  ago. 

Touch  America’s  customers  can  see  no 
difference  in  the  quality  of  their  services 
despite  the  change  in  underlying  network 
infrastructure,  Clark  says.  They  also  see  no 
next-generation  services  yet;  those  are  still 
in  the  future. 

Meanwhile,  Touch  America  is  reaping 
benefits.  For  instance,  the  carrier  needs  less 
space  and  power  to  accommodate  the  Bay 
Packets  gear,  which  takes  up  a  half  rack  vs. 
two  racks  occupied  by  traditional  SCP 
offerings  from  companies  such  as  Alcatel 
and  Tekelec. 

Managing  the  gear  also  is  more  cost-effec¬ 
tive  because  it  uses  a  graphical  user  inter¬ 
face  that  requires  less  training  to  learn  than 
the  command-line  interface  used  by  the 
other  equipment,  Clark  says.  Once  techni¬ 
cians  learn  the  GUI,  they  can  set  up  ser¬ 
vices  faster  than  by  using  command-line 
interfaces,  he  says. 

The  new  setup  also  leaves  open  the  pos¬ 
sibility  of  granting  customers  Web  access 
to  service  provisioning  so  they  can  set  up 
user  groups  within  their  voice  VPNs  and 
manage  their  dial  plans  without  assis¬ 
tance  from  Touch  America  personnel. 

The  time  to  implement  Bay  Packets’ 
equipment  is  less  than  60  days  vs.  she 
months  for  the  SCPs.  And  developing  new 
service  software  takes  less  time,  according 
to  Clark. 

He  says  the  cost  of  Bay  Packets’  equip¬ 
ment  was  significantly  less  than  that  of  the 


SCPs,  but  because  of  confidentiality  agree 
ments  Clark  made  with  the  SCP  vendors,  he 
could  not  say  how  much  less. 

Because  Bay  Packets  gear  uses  session 
initiation  protocol  (SIP),  it  leaves  open  the 
possibility  of  services  that  could  benefit 
call  centers. 

For  example,  a  SIP  invitation  that  initiates 
a  phone  call  also  could  dip  into  a  database 
for  information  about  the  caller’s  customer 
history  so  the  call  center  agent  has  a  com¬ 
puter  screen  of  customer  data  before  pick¬ 
ing  up  the  phone. 

“When  we  use  SIP  all  the  way  to  the  cus¬ 
tomer,  this  will  be  a  clear  differentiator  for 
our  services,”  Clark  says.  ■ 


■  BY  STEPHEN  LAWSON 

SANTA  CLARA  —  Intel’s  drive  into  opti¬ 
cal  networking  will  produce  a  transceiver 
with  a  tunable  laser  and  a  processor  that 
should  help  carriers  send  signals  reliably 
over  longer  distances,  both  of  which  could 
help  lower  the  cost  of  optical  networks, 
according  to  sources  familiar  with  the 
company’s  plans. 

The  Santa  Clara  company  is  developing 
the  products  as  part  of  a  broad  initiative 
in  the  optical  network  equipment  mar¬ 
ket.  The  timing  of  the  introductions  of 
these  two  products  was  not  clear,  and  In¬ 
tel  declined  to  comment  on  unan¬ 
nounced  products. 

Over  the  past  two  years  Intel  has  made 
massive  investments  and  bought  several 
companies  in  the  optical  arena,  with  a 
vision  of  optical  fiber  as  the  high-speed 
connection  of  the  future  in  large  enterprise 
and  service-provider  networks,  said  Sean 
Maloney,  vice  president  and  general  man¬ 
ager  of  Intel’s  Communications  Group,  at 
the  Intel  Developer  Forum  in  February 

The  company  aims  to  reduce  the  cost  of 
optical  gear  through  economies  of  scale, 
similar  to  the  downward  trend  in  micro¬ 
processor  prices. 

The  upcoming  transceiver  will  be  Intel’s 
first  to  use  a  tunable  laser,  which  can  be 


Doing  it  a  new  way 

Service  provider  Touch  America  is 

moving  away  from  TDM  gear  to  reap 

the  benefits  of  packet  technology. 

•  Packet  gear  takes  up  less  space  and 
uses  less  power. 

•  New  services  can  be  implemented 
faster. 

•  TDM  equipment  is  more  expensive. 

•  Users  can  control  their  own  services 
directly  via  packet  interfaces. 

•  Packets  make  more  efficient  use  of 
bandwidth. 


adjusted  to  transmit  several  different 
wavelengths,  according  to  sources  famil¬ 
iar  with  the  plans. 

In  wavelength  division  multiplexing  sys¬ 
tems,  one  fiber  can  carry  multiple  wave¬ 
lengths  of  light,  each  carrying  its  own  data 
signal.  Tunable  lasers  are  designed  to 
reduce  a  high-cost  requirement  in  current 
systems  that  use  fixed-wavelength  lasers: 
Carriers  need  to  have  one  replacement 
laser  on  hand  for  each  one  in  active  use.  A 
tunable  back-up  laser  can  substitute  for 
any  of  a  number  of  different  lasers.  Intel  is 
expected  to  develop  a  more  widely  tun¬ 
able  laser  that  can  be  tuned  to  use  an  even 
larger  number  of  wavelengths. The  compa¬ 
ny  will  develop  this  laser  using  technology 
it  acquired  in  May  from  New  Focus,  the 
sources  say  (see  www.nwfusion.com, 
DocFinder  2029). 

Lawson  is  a  correspondent  with  the  IDG 
News  Service  s  San  Francisco  bureau. 

More  online! 

Learn  more  about 
Intel's  laser  plans. 

DocFinder  2035 


Intel  readies  optical  parts 
to  lower  carriers'  costs 

Tunable  lasers,  processor  to  improve  efficiency. 


SHAPING  YOUR  NETWORK 

Portal  standards  for  Web  services 


■  BY  THOMAS  SCHAECK  AND 
STEFAN  HEPPER 

Pbrtlets.or  portal  applets,  are  visual  com¬ 
ponents  that  make  up  a  Web  page  residing 
in  a  Web  portal.  Typically,  when  an  end 
user  requests  a  personalized  Web  page, 
multiple  portlets  are  invoked  when  that 
pages  is  created. 

An  example  is  a  news/financial  portal 
that  displays  a  single  page  including  up¬ 
dated  financial  news,  a  report  on  how  the 
stock  market  is  doing  and  the  latest  infor¬ 
mation  on  stocks  of  interest  to  the  end 
user.  Each  component  has  its  own  portlet. 

Portlets  rely  on  APIs  to  access  various 
types  of  information,  such  as  user  pro¬ 
file.  The  lack  of  standards  has  led  portal 
server  platform  vendors  to  define  propri¬ 
etary  APIs  for  local  portal  components 
and  for  invocation  of  remote  compo¬ 
nents.  This  creates  interoperability  prob¬ 
lems  for  portal  customers,  application 
vendors,  content  providers  and  portal 
software  vendors. 

Java  Pbrtlet  API  and  Web  Services  for 
Remote  Portals  (WSRP)  standards  are 
being  developed  to  overcome  these  prob¬ 
lems,  providing  interoperability  between 
portlets  and  portals,  and  between  portals 
and  user-facing  Web  services. 

Java  Portlet  API  establishes  interoper¬ 
ability  between  portlets  and  portals.  All 
portlets  written  to  a  portlet  API  will  run  on 
all  compliant  portal  servers. 

Similarly,  WSRP  will  enable  interoper¬ 
ability  between  portals  and  WSRP-compli- 
ant  Web  services  for  portals. 

Java  Portlet  API  will  cleanly  separate 
portlets  from  the  surrounding  portal 
server  infrastructure  so  that  the  portlets 


■  HOW  IT  WORKS 


Portlet  standards  for  Web  services 

Java  Portlet  API  and  Web  Services  for  Remote  Portals 
(WSRP)  creates  interoperability  between  portals,  portlets 
and  Web  services. 


Portal  Server  A  makes  portlet  available  by  pub¬ 
lishing  it  in  a  UDDI  directory  as  a  WSRP  service. 


© 


Portal  Server  B  finds  the  portlet  entry  in  the 
UDDI  directory  and  adds  it  to  its  portal  registry. 


Portlet  registry 


When  the  portlet  is  requested,  Portal  Server  B  sends  a 
request  via  Simple  Object  Access  Protocol  and  Portal  Server 
A  sends  the  WSRP  service  via  SOAP  to  Portal  Server  B. 


End  user  can  select  the 
portlet  when  he  customizes 
his  Web  portal  page. 


End  user 


can  run  on  different  portal  servers,  just 
as  servlets  can  run  on  different  applica¬ 
tion  servers. 

WSRP  services  are  presentation-orien¬ 
ted,  user-facing  Web  services  that  plug  and 
play  with  portals  or  other  applications. 
They  are  designed  to  let  businesses  pro¬ 
vide  content  or  applications  in  a  form  that 
does  not  require  any  manual  adaptation. 
Portals  easily  can  aggregate  WSRP  ser¬ 
vices  without  programming  effort. 

Because  WSRP  includes  presentation 
features,  WSRP  service  providers  can 
determine  how  end  users  see  their  con¬ 
tent  and  applications,  and  to  what  degree 
adaptation,  transcoding  and  translation 
might  be  allowed. 

WSRP  services  can  be  published  into 


public  or  corporate  service  directories 
(Universal  Description,  Discovery  and 
Integration),  where  portals  that  want  to 
display  their  content  can  find  them  easily. 

Using  WSRP  portals  can  easily  inte¬ 
grate  content  and  applications  from 
internal  and  external  content  providers. 
A  portal  administrator  simply  picks 
desired  services  from  a  list  and  inte¬ 
grates  them. 

The  WSRP  standard  will  define  a  Web 
services  interface  using  Web  Services 
Description  Language.  The  standard  lets 
WSRP  services  be  implemented  in  differ¬ 
ent  ways,  be  it  as  a  Java/Java  2  Platform 
Enterprise  Edition  (J2EE)-based  Web  ser¬ 
vice,  a  Web  service  implemented  on  the 
.Net  platform  or  a  portlet  published  as  a 


WSRP  service  by  a  portal. 

The  standard  enables  use  of  generic 
adapter  code  to  plug  any  WSRP  service 
into  intermediary  applications  rather 
than  requiring  specific  proxy  code.  This 
will  allow  implementation  of  WSRP  ser¬ 
vices  on  any  Web  services-capable  plat¬ 
form,  be  it  J2EE  or  .Net.  The  WSRP  tech¬ 
nical  committee  plans  to  have  Version 
1 .0  ready  by  year-end. 

Java  Portlet  API  and  WSRP  will  be  able 
to  cooperate  in  a  beneficial  way  WSRP 
services  could  be  integrated  in  portals 
through  portlet  proxies  written  to  the 
Java  Portlet  API.  Conversely,  portlets 
could  be  wrapped  in  and  published  as 
WSRP  services. 

Once  a  portlet  entry  is  listed  in  the  UDDI 
directory  other  portals  can  find  and  bind 
to  the  referenced  WSRP  service. To  make  a 
WSRP  service  available  as  a  portlet,  the 
portal’s  administration  may  create  an 
entry  in  the  local  portlet  registry  with  the 
information  obtained  from  UDDI. 

For  example,  once  the  entry  is  in  the 
local  portlet  registry  users  might  select  it 
and  put  copies  of  it  on  their  pages.  When 
a  portlet  proxy  is  invoked  during  page 
aggregation,  the  portlet  proxy  will  gener¬ 
ate  a  Simple  Object  Access  Protocol 
(SOAP)  request  and  send  it  to  the  WSRP 
service.  Then  it  receives  the  SOAP  re¬ 
sponse  from  the  WSRP  service  and  pro¬ 
vides  the  result  to  the  portal. 

Schaeck  is  an  architect  in  WebSphere 
Portal  Sewer  development  at  IBM  and 
chair  of  the  WSRP  technical  committee. 
Hepper  is  part  of  the  IBM  WebSphere  Por¬ 
tal  Sewer  project  and  co-leads  the  group 
standardizing  Java  Portlet  API. 


Dr.  Internet 


By  Steve  Blass 


We're  designing  a  frame  relay  network  and  a 
major  issue  is  zero  tolerance  of  downtime.  What 
is  the  threshold  of  too  much  redundancy?  We've 
designed  a  location  where  the  customer  will  host 
his  server  for  remote  users  to  access.  The  cus¬ 
tomer  will  not  be  able  to  physically  touch  his 
servers,  so  dual  routers,  dual  switches  and  dual 
network  interface  cards  have  been  added  to  the 
servers.  A  mirrored  setup  is  in  a  location  80 
miles  away.  Should  there  be  only  one  router  per 
site  backing  up  each  other,  or  should  we  contin¬ 


ue  with  dual  routers  per  site? 

The  threshold  of  too  much  redundancy  is  found 
where  the  cost  of  the  increase  in  availability 
exceeds  the  cost  of  the  business  loss  that 
would  result  from  an  outage.  Zero  downtime 
can  be  expensive.  Are  there  two  frame  relay 
entrances  to  each  site  from  separate  carrier 
backbone  switches  or  would  the  redundant 
routers  be  connecting  to  the  same  WAN  cir¬ 
cuits?  Look  at  your  overall  mean-time-between- 


failure  and  mean  time- to- repair  considerations 
to  decide  whether  dual  WAN  routers  make  the 
most  sense  for  your  network  reliability  dollars. 
Go  to  www.nwfusion.com,  DocFinders:  2032 
and  2033,  to  find  some  links  about  calculating 
overall  system  availability  for  component- 
based  systems. 

Blass  is  a  network  architect  at  Change 
@Work  in  Houston.  He  can  be  reached  at 
dr.internet@changeatwork.com. 
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INSIDE  THE 
NETWORK 
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Mark 
Gibbs 


This  week: Talking  heads.  No,  not  the 
pop  group  —  something  called 
Veepers,  one  of  the  coolest  Web  pre¬ 
sentation  tools  we’ve  seen  for  awhile. 

A  Veepers  presentation  (called  “a 
Veeper”)  is  a  simulation  that  displays  a 
cunningly  animated  and  manipulated  pho¬ 
tograph  of  someone’s  head  to  make  it  look 
as  if  the  head  is  talking.  The  illusion  is 
made  convincing  via  high-quality  images 
and  eye  blinks, head  movements  and  facial 
expressions,  along  with  mouth  movements 
that  are  synchronized  with  speech. 

The  Veepers  playback  engine  is  a  propri¬ 
etary  ActiveX  component  around  a  half 
megabyte  in  size  that  is  downloaded  and 
installed  when  you  load  a  Veepers  presen¬ 
tation  on  your  PC.  The  content  is  then 
downloaded  as  a  stream  by  the  ActiveX 
component,  and  the  talking-head  image  is 
generated  in  real  time  on  your  PC. 

Creating  a  Veepers  presentation  is  easy. 
The  big  pain  is  getting  a  good  image  for  the 
Veepers  development  environment  (VDE) 


Technology  Update _ 

Jeepers!  Veepers! 


to  work  with  successfully 

The  VDE  orchestrates  a  simple  process: 
First  you  load  a  photograph  and  optionally 
select  a  background.  The  photo  subject 
must  have  a  neutral  expression,  no  glasses 
and  lips  closed.The  background  should  be 
a  neutral  gray 

We  had  to  mess  around  a  lot  to  get  a 
background  that  the  VDE  could  correctly 
identify.  We’d  like  to  be  able  to  use  an 
image  editor  to  fill  in  the  photo  back¬ 
ground  with  a  specific  color  and  then  be 
able  to  select  that  color  as  the  back¬ 
ground  in  the  VDE. 

Next,  you  identify  the  eyes  by  centering 
blue  and  green  dots  over  the  left  and  right 
eyes  respectively  (the  movable  dot  method 
is  used  in  all  the  following  steps). The  next 
step  is  to  set  regions  that  identify  the  whole 
head  and  within  that  the  area  of  the  face. 
Then  you  set  the  corners  of  the  eyes  and 
mouth  and  the  outline  of  the  nose,  then  the 
outlines  of  the  eyes  and  the  line  where  the 
lips  meet. 

This  is  our  second  complaint:  Once  you 
finish  the  project  you  can’t  go  back  and 
tweak  it. 

You  can  load  your  Veeper  into  a  browser 
window  to  test  the  results  with  sound 
samples.  The  results  are  eerie:  Until  it  is  to 
say  something,  the  talking  head  floats  over 
its  background  moving  slightly  as  a  real 


head  does,  blinking  occasionally. 

Unless  you  take  a  lot  of  care  defining  the 
eye  outlines,  blinks  can  look  weird  and 
while  the  mouth  movement  is  good,  it 
sometimes  looks  a  little  unreal  (we  think 
the  teeth  that  are  synthesized  when  the 
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Product:  Veepers,  a  system  for  creating 
talking  heads  on  the  Web. 
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Vendor:  Pulse 

www.pulse3d.com 


lips  open  are  too  well-defined  to  look 
quite  right). 

To  build  a  full  Veepers  presentation,  you 
need  to  use  the  Pulse  Audio  Manager  to 
process  a  voice  recording. This  builds  the 
synchronization  between  what  is  being 
said  and  lip  movements,  and  you  also  can 
use  it  to  add  head  movements,  blinks  and 
expressions  (happy, sad,  frown  and  so  on). 
Pulse  Audio  Manager  can  import  a  voice 
recording  or  record  it  directly 

The  Audio  Manager  saves  the  processed 
file  in  a  proprietary  format  that  includes 
all  the  head  movements  and  expressions 


www.nwfusion.com 


along  with  the  sound. To  create  a  Veepers 
presentation  to  run  off  a  CD  or  the  Web, 
you  use  the  Pulse  Structor  Utility  to  drop 
the  Veeper  into  a  Web  page,  define  which 
audio  file  to  use  and  specify  actions. You 
also  can  drive  the  Veeper  from  JavaScript 
and  even  use  Veepers  text-to-speech  ser¬ 
vices  to  create  synthetic  voices. 

Finally  you  can  publish  the  content.  If  the 
content  is  to  be  shown  commercially, 
there’s  a  licensing  system,  and  various  de¬ 
ployment  tests  —  such  as  checking  the 
domain  from  which  the  content  is  down¬ 
loaded  —  are  done  to  ensure  compliance. 

Here’s  our  final  criticism: The  output  has 
an  overly  complex  and  unintuitive  direc¬ 
tory  structure  that  makes  integration  with 
existing  content  too  complex. 

Overall,  the  results  are  impressive  and  the 
system  is  easy  to  use.  Pulse  executives  say 
the  next  version  will  improve  on  the  real¬ 
ism  of  face  rendering  and  performance. 
Priced  starting  at  $50,000  with  commercial 
playback  billed  by  usage  time,  Veepers  is 
pretty  pricey 

Veepers  gets  an  overall  Gearhead  rating 
of  B-  (see  www.gibbs.com/gearhead/  for 
our  new  product  rating  system).  Check  out 
this  column  rendered  with  Veepers  at  the 
same  address. 

Headlines  to  gearhead@gibbs.com. 


Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


Logitech  launches  new  keyboards 

Logitech  recently  released  three 
new  corded  keyboards,  aimed  at 
budget-minded  consumers,  that 
offer  many  of  the  same  features  as 
Logitech’s  Cordless  Freedom  Optical 
series. The  new  keyboards  include  one  The  Logjtech  |ntepnet  Navjgator 
touch  access  to  folders,  including  pic-  offers  one-touch  access  to  e-mail 
tures,  music  and  documents,  multime-  and  Web  pages, 
dia  control  for  playing  digital  music 
files,  CDs,  DVDs  and  online  media, and  one-touch  Internet 
access.  Hot  keys  can  be  programmed  to  send  a  user 
directly  to  a  Web  site,  launch  a  Web  camera,  access  an 
instant-messaging  program,  check  e-mail  or  perform  a 
Web-based  search. 

The  new  keyboards  include  the  Access  Keyboard  ($15), 
which  is  designed  for  a  PC  only  and  has  a  PS/2  connec¬ 
tion;  the  Internet  Navigator  ($30), which  is  compatible  with 
the  PC  and  Apple’s  iMac;  and  the  Elite  Keyboard  ($50),  a 
black  unit  that  also  is  compatible  with  PCs  and  Macin¬ 
toshes  Go  to  www.logitech.com  for  more  details. 


to  72M  bit/sec  in  its  turbo  (nonstandard)  mode  in  the  5- 
GHz  spectrum. 

Netgear  says  the  HR314  is  ideal  for  businesses  and  for 
homes  that  have  intensive  bandwidth  requirements,  in¬ 
cluding  home  entertainment  networks  that  stream  audio 
and  video.  The  device  uses  Netgear’s  Smart  Wizard  and 
Install  Assistant  applications,  which  can  automatically  de¬ 
tect  a  user’s  ISP  connection  and  basic  parame¬ 
ters.  Netgear  says  this  can  reduce 
the  setup  time  to  make  installation 
easier  and  faster. 

Other  features  include  a  Web-based 
interface,  media  access  control 
address  cloning,  URL  content  filtering, 
e-mail  alerts,  a  Dynamic  Host  Configur¬ 
ation  Protocol  server,  PPP  over  Ethernet 
logon  client  support,  port-forwarding  con¬ 
trols  and  remote  administration  capability. 
It  also  will  ship  with  antivirus  and  per¬ 
sonal  privacy  PC  software,  Netgear  says. 
VPN  pass-through  and  network  address  translation  also 
are  supported. The  HR314  will  cost  $555.  Go  to  www.net 
gear.com  for  more  information. 


Netgear  launches  802.11a  wireless  router 

Netgear  last  week  announced  availability  of  its 
802.11a  cable/DSL  wireless  broadband  router.  The 
'  214  includes  an  802. 1  la  access  point  with  a  four-port 
:  i  ;0M  bit/sec  switch.  It  uses  the  Atheros  AR5000  wire- 

.  .  chipset  and  can  transmit  data  at  speeds  of  up 


Keyspan  combines  USB  2.0  with  FireWire 

Keyspan  has  announced  shipping  of  its  USB2+FireWire 
Card,  a  combination  PCI  card  that  adds  three  external 
and  one  internal  Universal  Serial  Bus  (USB)  2.0  ports  to 
any  Macintosh  or  Windows  PC  that  has  an  available  PCI 
card  slot.  The  card  also  will  provide  two  external  Fire¬ 
Wire  ports  and  one  internal  FireWire  port  on  the  card. 

The  USB  2.0  ports  support  data  rates  of  up  to  480M 
bit/sec,  and  FireWire  supports  up  to  400M  bit/sec.  For 
Macintosh  users,  the  USB  2.0  ports  will  only  work  at 
the  USB  1.1  speeds,  up  to  12M  bit/sec,  until  Apple  pro¬ 
vides  support  for  USB  2.0,  Keyspan  says.  The  card  costs 
$100  and  is  available  now  at  major  retailers.  Go  to  www. 
keyspan.com  for  more  information. 


Make  anything  go  wireless 

Linksys  has  a  new  wireless  bridge  that  will  take  Ethernet- 
enabled  devices  (such  as  PCs,  print  servers,  workgroup 
switches  and  gaming  consoles)  and  turn  them  into  de¬ 
vices  that  can  connect  to  an  802.1  lb  wireless  network. 

Linksys  says  its  Wireless  Ethernet  Bridge  can  let  home 
networks  and  entertainment  devices  to  swap  and 
store  music,  games  and  video  files  without  wires. 
Devices  such  as  Microsoft’s  Xbox,  SONICblue’s 
Replay  TV  and  the  TurtleBeach  AudioTron  digital 
music  player  will  be  able  to  connect  to  a  wireless 
network  through  their  built-in  Ethernet  cables. 
Instead  of  worrying  about  connecting  these  devices 
via  cable,  users  can  plug  in  the  bridge. 

The  bridge  can  send  data  at  speeds  up  to  1 1M 
bit/sec,  and  includes  64-  and  128-bit  wired  equiva¬ 
lent  privacy  encryption  features.  Wireless  network¬ 
ing  can  be  done  in  both  ad  hoc  (no  access  points 
needed)  and  infrastructure  (with  access  points) 
mode.  The  bridge  is  available  through  Linksys’ 
channels  and  costs  about  $130.  Go  to  www.linksys 
.com  for  more  information. 

Shaw  can  be  reached  at  kshaw@nww.com. 

Linksys'  Ethernet  Bridge  will  wireless- 
enable  any  device  with  an 
Ethernet  port 
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Today’s  complex  storage  networks  are  not  easy 
to  manage.  Even  on  a  good  day,  maintaining  and 
troubleshooting  SANs  comprised  of  multiple 
technologies,  vendors  and  devices  can  be  a 
navigational  nightmare.  Especially  if  you  can't 
see  what  you're  doing. 

SANavigator  makes  SAN  management  easy.  The 
powerful  discovery  tool  automatically  identifies 
all  SAN  components,  regardless  of  vendor  or 
protocol,  and  presents  you  with  a  clear,  detailed 
map.  From  a  single  console,  SANavigator  discov¬ 
ers,  plans,  configures  and  monitors  your  entire 
storage  network. 

What’s  more,  SANavigator  leverages  your  existing 
resources  to  reduce  hardware  and  personnel 
costs.  Real-time  performance  monitoring  tools 
boost  your  S  AN’s  efficiency,  and  advanced 
planning  tools  reduce  the  risk  of  investing  in 

new  technologies. 


Intuitive  visual  maps  facilitate 
SAN  planning  and  management. 


Take  a  good  look 
at  your  storage 
network. 

Then  chart  your 
course  with 
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SANavigator. 
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Visit  us  at 

sanayigator.com/seeit/net5 
for  a  FREE  SANavigator  demo  CD. 
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EDITORIAL 

John  Dix 


AT&T  looks  to 
an  automated 
future 

Despite  AT&T’s  convulsions  —  the  thrashing  associ¬ 
ated  with  the  divestiture  of  business  units,  the 
imminent  departure  of  its  CEO  to  run  one  of  those 
units  and  the  sale  of  its  lush  headquarters  —  the  com¬ 
pany  remains  an  industry  powerhouse. 

AT&T  CTO  and  Labs  President  Hossein  Eslambolchi  says 
the  company  will  emerge  from  the  restructuring  with  a 
solid  revenue  base,  less  debt  than  the  average  long  hauler 
and  a  good  cash  flow  story.  He’s  even  more  bullish  on 
AT&T’s  ability  to  meet  changing  market  demands. 

Data  volumes  passed  voice  traffic  in  1998,  and  at  the  end 
of  2001  AT&T  had  generated  more  data  revenue  than 
voice  revenue,  Eslambolchi  says. Today,  the  AT&T  network 
carries  five  times  more  data  than  voice  traffic. 

While  voice  revenue  is  still  trailing  off  —  12%  in  the  sec¬ 
ond  quarter  —  data  revenue  is  growing. Total  IP  revenue 
was  up  26%  in  that  quarter,  packet  services  revenue  was  up 
18%,  and  managed  services  revenue  was  up  20%. 

Eslambolchi  says  AT&T  is  No.  2  in  IP  services  now,  up 
from  a  lowly  sixth  slot  a  few  years  ago,  and  he  attributes 
that  to  scale  being  AT&Ts  friend  —  the  greater  the  data 
demands,  the  better  AT&T’s  vast  resources  look. 

Roughly  half  of  AT&T’s  backbone  is  OC-192,  with  the 
rest  consisting  of  CKM8  trunks.“We’re  adding  50  to  100 
OC-48s  for  private  nets  every  two  to  three  weeks,  essen¬ 
tially  tripling  the  size  of  the  PSTN  every  two  to  three 
weeks,”  he  says. 

One  of  Eslambolchi’s  goals  is  to  achieve  what  he  calls 
the  concept  of  one.  He  wants  to  integrate  AT&T’s  various 
systems  for  things  like  ticketing,  provisioning  and  mainte¬ 
nance,  and  back  it  all  up  with  an  intelligent  global  opti¬ 
cal  core  based  on  MPLS  with  an  IP  control  plane.  He’ll 
extend  intelligence  to  the  edge  and  use  a  multiservice 
aggregation  device  to  support  everything  from  frame  and 
DSL  to  ATM. 

That  will  let  him  pursue  his  other  obsession,  the  concept 
of  zero. The  goal  is  to  build  intelligence  into  the  DNA  of 
the  net  and  reduce  the  need  for  human  intervention.  He 
wants  AT&Ts  network  to  be  able  to  support  self-provision¬ 
ing  and  detect,  prevent  and  heal  problems  by  itself. 

This  will  require  building  in  more  artificial  intelligence, 
but  Eslambolchi  says  60%  to  65%  of  AT&T  network  fail¬ 
ures  already  go  undetected  by  customers  because  the 
problems  are  predicted  and  solved  before  they  become 
an  issue. 

He  thinks  he  can  address  the  other  30%  to  35%  by  the 
end  of  the  decade,  but  given  the  current  industry  turmoil 
that  might  be  a  stretch. Then  again,  other  carriers  are  in 
even  more  trouble  so  that  may  aid  AT&Ts  case. 

—  John  Dix 
Editor  in  chief 
jdix@mvw.com 
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Employees  deserve  praise 


Security  by  obscurity 


Because  of  the  recent  actions  of  a  few  rogue  exec¬ 
utives,  WorldCom  now  has  the  ignominious  char¬ 
acterization  as  the  antichrist  of  the  business  world. 
While  much  of  the  public,  media  and  political  hos¬ 
tility  is  warranted,  it’s  refreshing  to  read  the  more 
seasoned,  balanced  view  on  WorldCom  provided 
by  JohnaTill  Johnsons  column  “Don’t  forget  about 
the  good  that  WorldCom  wasted”  (www.nwfusion 
.com,  DocFinder:  2023). As  Johnson  acknowledges, 
WorldCom’s  core  remains  a  highly  innovative,  best- 
in-class  company  The  companies  absorbed  by 
WorldCom  including  UUNET,  MFS  and  MCI  are  top 
of  their  class. 

In  a  networked  world  still  largely  dominated  by 
quasi-public  monopolies,  it’s  interesting  to  note  that 
the  companies  WorldCom  acquired  share  a  similar 
trait:  They  all  started  with  nothing.  Through  hard 
work,  creativity  and  tough-nosed  trench  warfare, 
employees  of  all  WorldCom  divisions  have  taken  the 
battle  to  the  streets  and  today  provide  some  of  the 
most  innovative,  no-nonsense  network  services  avail¬ 
able.  WorldCom  did  not  inherit  customers  by  default 
or  public-utility  proxy  There  was  no  market  share  to 
leverage  service  price  points,  no  unions  sporting  a 
“get  it  done  next  month”  operating  mentality  and  no 
single  copper  line  into  homes  and  businesses  to  pro¬ 
vide  a  self-perpetuating,  cash-cow  annuity 

Thanks  to  Johnson  for  casting  some  well- 
deserved  accolades  on  65,000  besieged  WorldCom 
employees.Their  contributions  and  dedication  will 
surely  eclipse  the  unconscionable  actions  of  some 
three-card-monte  hustlers. 

Matthew  Brownell 
Global  account  manager 
WorldCom 
Boston 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  1 1 8  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


Regarding  Dave  Kearns'  column  “Security  by  obscu¬ 
rity?”  (DocFinder:  2024):  Information  security  profes¬ 
sionals  use  the  phrase  “security  by  obscurity”  to 
describe  the  deprecated  practice  of  depending 
upon  the  secrecy  of  an  algorithm,  instead  of  sound 
cryptography  and  secret  keys,  for  the  protection  of 
data.  If  a  weak  algorithm  is  revealed,  then  it  no 
longer  protects  any  data.  The  phrase  is  used  to 
describe  attempts  to  maintain  the  security  of  soft¬ 
ware  products  by  not  disclosing  their  defects.  The 
full  disclosure,  in  human  readable  form,  of  the  algo¬ 
rithms  used  in  open  source  code  makes  the  use  of 
“security  by  obscurity”  therein  difficult,  if  not  impos¬ 
sible.  Compiling  the  source  code  before  publishing 
it  only  makes  the  algorithm  more  difficult  for  people 
to  read  —  it  provides  obscurity  but  not  security.  (For 
more  information,  see  DocFinder:  2027.) 

Joe  Konczal 
Computer  scientist 
National  Institute  of  Standards  and  Technology 

Gaithersburg,  Md. 

High  on  fiber 

Regarding  “Fiber  to  the  home  is  broadband  option” 
(DocFinder:  2025):  I  really  like  the  idea  of  getting 
fiber  access  to  my  housed  have  discussed  it  with  the 
cable  and  telecom  providers,  and  the  issue  of  cost 
becomes  prominent.  This  is  the  same  reason  that 
there  is  nobody  rushing  to  provide  competitive  last- 
mile  services.  The  return  on  investment  of  running 
fiber  to  the  house  is  just  not  there.  In  addition,  the 
cost  of  fiber-optic  terminations  at  your  house  is  sev¬ 
eral  times  that  of  the  current  copper  devices.  Maybe 
wireless  is  a  more  economically  viable  option. 

Leslie  Leong 
Network  consultant 
Combat  Networks 
Toronto 


More  online!  www.nwfusion.com  Find  out  what  readers  arc  saying  about  these  and  other  topics.  DocFinder:  2022 


NOTE  TO  READERS? ;  Please  excuse  the  sciutrware  Tdiich 
inserted  itself  into  this  cartoon. 
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NetworKIto 

WW""\  VENTURE  OVER  THE  HORIZON 

Robin  Vasan 

n  almost  any  survey  of  network  managers, 
network  security  tops  the  list  of  things  they 
consider  important  because  of  the  ongoing 
evolution  of  corporate  networks.  As  corpora¬ 
tions  continue  to  move  mission-critical  applications  to  the  Internet  and 
open  up  their  networks  to  suppliers,  customers,  partners  and  mobile 
workers,  they  expose  themselves  to  greater  security  risks  than  they 
encountered  when  network  traffic  was  predominately  internal. 

In  a  recent  report  on  network  security  by  Bear  Stearns  &  Co.,  it  is  esti¬ 
mated  that  80%  or  more  of  the  traffic  running  across  corporate  LANs  is 
external.  At  the  same  time,  the  modes  of  attack  on  networks  have 
become  more  sophisticated.  As  corporations  continue  to  move  their 
mission-critical  applications  to  the  Internet,  they  will  need  a  degree  of 
reliability  and  privacy  that  the  Internet  never  was  designed  to  provide. 

Todaysecurity  is  being  addressed  at  a  very  surface  level,  with  network 
equipment  put  in  place  simply  to  allow  or  disallow  certain  types  of  pro¬ 
tocol  traffic.  However,  most  network  traffic  uses  the  workhorse  proto¬ 
cols  of  HTTP/HTTPS  and  Simple  Mail  Transfer  Protocol,  including 
rogue  applications  such  as  instant  messaging  and  file  sharing  that  are 
not  supported  by  system  administrators.  Firewalls  only  look  to  establish 
that  the  traffic  travels  over  a  specific  port  and  from/to  known  destina¬ 
tions.  Deeper  inspection  of  the  application  traffic  is  required. 

Similarly  in  the  application  security  arena,  putting  better  password 
protection  on  the  front  end  only  scratches  the  surface.  Single  sign-on  is 
supposed  to  provide  better  security,  but  it  is  focused  on  making  life  eas¬ 


Rethinking  network  security 


ier  for  users  and  password  administrators.  Applications  and  their  asso¬ 
ciated  users/roles  need  to  be  more  centrally  managed,  along  with  the 
relevant  access  controls  that  begin  to  address  business  processes  in¬ 
stead  of  just  sign-on  privileges. 

In  addition,  certain  layers  of  the  infrastructure,  such  as  databases, 
application  servers  and  messaging/integration  systems,  need  to  share 
and  properly  utilize  a  set  of  user  identities  and  related  permissions. 
Maybe  the  move  toward  service-oriented  architectures  will  help  in  the 
evolution.  Overall,  companies  need  better  control  of  who  uses  their  sys¬ 
tems  and  how.  The  major  infrastructure  software  players  such  as 
Microsoft,  BEA  Systems  and  Oracle  are  trying  to  address  this,  but  need 
help  from  start-ups  to  innovate  further  and  contribute  to  the  solution. 

The  bottom  line  is  that  network  managers  need  to  think  differently 
about  security  Protection  needs  to  move  from  the  perimeter  of  the  net¬ 
work  closer  to  critical  applications.  Managers  need  to  prioritize  their 
applications  and  protect  those  applications  where  the  cost  of  failure  is 
substantial,  and  more  pressure  needs  to  be  put  on  the  applications  ven¬ 
dors  to  make  their  products  more  secure. 

It  is  impossible  to  achieve  100%  security  But  corporations  need  to  be 
aware  of  the  new  technologies  and  architectures  that  can  enable  net¬ 
works  to  achieve  their  primary  goal  of  processing  and  communicating 
information  while  still  providing  the  maximum  level  of  security 


In  a  recent 
report ...  it  is 
estimated  that 
80%  or  more  of 
the  traffic  run¬ 
ning  across  cor¬ 
porate  LANs  is 
external. 


Vasan  is  a  general  partner  with  Mayfield,  a  venture  capital  firm  in 
Menlo  Park,  Calif.  He  can  be  reached  at  rvasan@mayfield.com. 


ON  SECURfTY 

Winn  Schwartau 
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y  1 1-year-old  son  has  developed  an  in¬ 
tense  interest  in  war  driving  —  the  fine 
art  of  discovering  wireless  networks  as 
you  drive  around  in  your  car.  In  the  Windows  world,  war  driving  merely 
requires  a  good  wireless  card,  such  as  Orinoco,  and  a  copy  of  Net- 
Stumbler,  which  can  be  downloaded  for  free. 

As  you  drive  up  and  down  streets,  NetStumbler  will  identify  the  hun¬ 
dreds  of  networks  in  businesses,  government  offices  and  homes.  The 
screen  will  display  the  kind  of  wireless  network  access  point,  the  man¬ 
ufacturer  and  the  signal  strength  of  the  network  you  have  detected. 
Most  importantly  the  network  will  broadcast  its  Service  Set  Identi¬ 
fication  (in  Windows-speak,  this  is  the  name  of  the  network’s  work¬ 
group)  and  the  unique  network  media  access  control  (MAC)  address. 

As  any  accomplished  war  driver  knows,  a  few  keystrokes  and  a  reboot 
would  allow  you  to  jump  onto  any  open  network  that  has  not  been 
secured  with  some  combination  of  wired  equivalent  privacy  (WEP)  or 
MAC  address  filtering.  People  known  as  war  chalkers  even  mark  the 
streets  and  sides  of  buildings  with  war-driving  symbols  indicating  the 
location  of  a  wireless  network  and  its  security  status. 

When  my  son  first  wired  up  his  war-driving  computer,  he  was  amazed 
—  and  frankly  so  was  I.  Sitting  in  the  car  in  our  driveway  we  instantly 
found  two  home-based  wireless  networks;  neither  of  them  secure.  We 
drove  into  town  and  found  more  than  70  networks,  about  onethird  of 
them  using  WEP  the  others  hanging  naked  in  the  breeze. 

The  three  fundamentals  of  information  security  are  known  as  CIA  — 
confidentiality  integrity  and  availability.  War-driving  attacks  compro¬ 
mise  the  first  two.  If  someone  can  access  your  private  information,  then 
your  confidentiality  has  been  breached. This  person  then  can  modify 
this  information  to  your  detriment,  thus  breaching  your  integrity 
Recently  a  new  suite  of  hacker  tools  have  exposed  even  more  poten¬ 
tially  debilitating  problems  with  the  IEEE  802.  IX  wireless  network  stan¬ 
dard,  which  defines  Extensible  Authentication  Protocol  (EAP)  over 
LANs  (EAPOL).  These  tools  can  be  used  to  launch  denial-of-service 
(DoS)  attacks,  compromising  your  network’s  availability 
First,  the  attacker  spoofs  the  unauthenticated  EAPOL  logoff  frames, 


War-driving  lessons 


logging  the  user  off  the  access  point.  Then,  the  attacker  renders  the 
access  point  unavailable  by  flooding  it  with  EAPOL  start  frames.  The 
EAP  identifier  space  becomes  consumed,  creating  a  DoS  attack. 

Premature  EAP  success  packets  can  allow  a  rogue  into  a  wireless  ses¬ 
sion  without  proper  mutual  authentication.  Broadcasting  spoofed  EAP 
failure  packets  can  force  a  session  to  disconnect,  resulting  in  still 
another  DoS  attack.  Modifying  EAP  packets  where  neither  integrity  nor 
encryption  is  supported  also  can  result  in  a  successful  DoS  attack. 

The  tools  for  demonstrating  wireless  DoS  capabilities  are  hitting  the 
’Net  and  should  be  part  of  anyone’s  wireless  arsenal.  What  we  have 
seen  before  is  going  to  hit  us  again  —  except  in  the  wireless  world, 
identifying  the  perpetrator  makes  IP  tracing  seem  like  child’s  play 
Imagine  a  few  folks  roaming  around  Wall  Street  with  wireless  disabling 
programs  in  their  backpacks,  invisible  and  virtually  untrackable. 

As  with  land-based  LANs,  one  of  the  best  ways  to  test  the  sanctity  of 
your  wireless  networks  is  to  use  the  latest  attack  tools  against  it  before 
deployment.  Gather  a  suite  of  attack  tools,  such  as  WEPCrack,  Net¬ 
Stumbler  and  ApSniff.  Make  sure  you  have  Orinoco  and  Prism  wireless 
network  cards.Test  your  own  network  for  unknown  access  points  and 
poor  implementation  of  WEP  and  EAP  If  you  attempt  to  launch  a  DoS 
attack,  make  sure  that  nearby  wireless  networks  will  not  be  affected. 

DoS  attacks  against  the  802. IX  environment  are  only  the  beginning. 
As  new  protocols  and  defenses  are  developed,  new  attacks  will  be 
commonplace.  We  are  headed  toward  what  the  military  calls  elec¬ 
tronic  warfare  where  adversaries  jam  known  frequency  ranges  to 
limit  communications. 

While  wireless  networks  offer  incredible  convenience,  we  are  not  yet 
at  the  point  where  we  can  or  should  rely  on  them  to  provide  mission- 
critical  applications  in  an  unshielded  and  potentially  hostile  environ¬ 
ment.  For  more  information,  visit  The  Unofficial  802.1 1  Security  Web 
Page  (www.drizzle.com/~aboba/IEEE/). 


A  few  keystrokes 
and  a  reboot 
would  allow  you 
to  jump  onto  any 
open  network 
that  has  not  been 
secured. 


Schwartau  is  president  of  Interpact,  a  security  awareness  consulting 
firm,  and  author  of  several  books,  including  the  recent  Pearl  Harbor  Dot 
Com.  He  can  be  reached  at  winns@gte.net. 
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world+lnterop  2002  Atlanta  will  open  alongside  Comdex 
02  Atlanta,  marking  Comdex’s  first  appearance  in  the  city 
since  1997. The  idea  is  to  give  delegates  a  view  of  all  the 
portant  developments  that  affect  their  businesses,  as 
well  as  discuss  the  latest  in  Gigabit  architectures,  WAN  strategies  and 


convergence  issues.  Visitors  also  will  be  able  hear  about  Web  services, 
and  IT/businfess  alignment  and  strategies. 

Tlot  topics  this  year  include  wireless  networks,  storage  and  security. 
There  will  be  a  two-day  E-Mobility  conference  that  will  address  wire¬ 
less  LANs  find  wireless  applications,  while  a  security  conference  will 


over  issues  such  as  reaching  beyond  intrusion  detection  and  securing 
obile  environment. 

Here's  our  took  at  some  of  the  activities  you  shouldn’t  miss. 


MONDAY  SEPT 


3 


VPN  Day  1 

8:30  a.m.  to  4:30  p.m. 

How  do  you  provide  remote  employees  access  to  corporate  data  in  a 
secure  way  without  incurring  sky-high  service  charges?  VPNs  are 
becoming  one  of  the  most  important  access  methods  in  many  organi¬ 
zations  as  the  number  of  remote  workers  increase.  And  now,  emerging 
security  technologies  and  pubiic-key  infrastructure  (PKI)  let  businesses 
collaborate  through  secure  extranets. 

This  two-day  conference,  which  starts  Monday,  will  delve  into  VPN 
technologies  and  standards  through  technology  presentations,  case 
studies  and  demonstrations. 

Led  by  independent  consultants  Frederick  Avolio,  principal  of 
Avolio  Consulting,  and  David  Piscitello,  president  of  Core 
Competence,  the  speakers  will  discuss  the  different  tech¬ 
nologies  and  standards  that  could  be  used  to  create 
VPNs,  such  as  PKI,  Layer  2 Tunneling  Protocol, 

Multi-protocol  Label  Switching  (MPLS),  IP  Security 
(IPSec),  Internet  Key  Exchange  and  Secure  Shell. 

Network  forensics  day 

8:15  a.m.  to  7  p.m. 

Do  you  know  what 
your  network 
looks  like  from 
a  hacker’s  per¬ 
spective?  This 
daylong  session 
provides  an 
opportunity  to 
learn  what  hack¬ 
ers  might  see  as  the 
weak  points  on  your 


network  and  helps  you  devise  a  three-part  defense  plan:  choosing 
reconnaissance  tools,  assessing  your  network  vulnerability  and  imple¬ 
menting  counter  measures. 

The  Pine  Mountain  Group's  Executive  "Netanalyst"  Bill  Alderson, 
Managing  Netanalyst  Mike  Pennacchi  and  Senior  Netanalyst  Dan 
Strohl  will  talk  about  the  latest  techniques  in  network  analysis  and 
forensics.  Issues  examined  will  include  network  architecture,  docu¬ 
mentation,  change  and  recovery  plans,  and  network  intelligence.  There 
also  will  be  case  studies  demonstrating  network  performance  analysis 
methods  and  application  response. 

Breakthrough  technologies 

11  a.m.  to  noon 

Some  technologies  come  and  go,  while  others  become  institutions. 
How  do  you  keep  up  with  the  new  inventions  that  come  on  the  scene, 
and  how  do  you  know  which  are  worth  keeping  an  eye  on?  This  ses¬ 
sion  will  feature  Johna  Till  Johnson,  CTO  of  Greenwich  Technology 
Partners  and  a  Network  World  columnist;  Rajiv  Laroia,  founder  and 
CTO  of  Flarion  Technologies;  and  Mun  Yeun  Leong,  CTO  of  Avaya. 
Laroia  will  describe  a  new  mobile  broadband  technology  called  flash- 
Orthogonal  Frequency  Division  Multiplexing,  an  IP-friendly  and  packet- 
switched  wireless  broadband  technology  that  connects  existing  wired 
companies  with  the  wireless  world. 


TUESDAY  SEPT  10 
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The  global  technology  -  keynote  by  Bobby  Johnson, 
CEO,  Foundry  Networks 

Noon  to  1  p.m. 

"Ethernet  has  come  to  dominate  the  market 
because  it  is  superior  in  terms  of  performance 
and  cost  when  compared  with  ATM  or  FDDI, 
and  is  easier  to  use  as  well,"  says  Bobby 
Johnson,  CEO  of  Foundry.  "The  same  can  also 
be  said  of  the  difference  between  SONET  and  Bobby  Jobnson 
10G  Ethernet.  The  latter  has  strong  cost  performance,  and  all  the  ease 
of  use  of  Ethernet.  You  can  also  use  IP  over  10G  Ethernet  and  it  is  espe¬ 
cially  important  to  note  that  10G  Ethernet  is  better  than  OC-192  when  it 
comes  to  cost.  Ten  G  Ethernet  achieves  speeds  similar  to  SONET  for 
about  one-fifth  the  cost,”  he  adds. 

"The  next  advance  in  speed  will  be  40  Gigabit  or  100  Gigabit  Ethernet. 
They  are  both  in  the  research  and  development  phases,”  Johnson 
says.  “We  are  producing  prototypes  to  verify  and  conduct  further 
research  into  cost,  performance,  port  density  and  transmis¬ 
sion  range." 


Web  services:  The  expert  perspective  on  deliv¬ 
ering  the  goods 
10:15  a.m.  to  12:30  p.m. 

We’ve  all  heard  the  hype  surrounding  Web 
services;  now  what  we  want  to  know  is 


what  can  Web  services  do  for  our  busi- 
Cv/  nesses  and  what  are  the  best  practices  in 


^  ^  implementing  Web  ser  vices  technologies.  John 

I  McConnell,  principal  analyst  at  McConne!1  Associates,  and  his  guest 
[  panelists  aim  to  look  at  the  performance  issues  of  Web  services  and 
explain  how  better  Web  application  design  should  lead  to  infrastruc¬ 
ture  savings.  Panelists  are  Aiistair  Croll,  CEO  of  Coradiant;  John 
Morency,  vice  president  of  technology  services  at  Sterling  Research; 
Rhodes  Rumsey,  principal  of  Plural;  Jasmine  Noel,  director  of  sys¬ 
tems  and  applications  management  at  Hurwitz  Group;  and  Peter 
Sevcik,  president  of  NetForecast. 


PH  M{  [  .vorkWorld  j  9/2/D2  1  H+l  Show  Planner 

Best  practices  in  implementing  voice  over  IP 

2  to  3  p.m. 

John  Ridley,  Coca-Cola  Enterprises’  senior  technical 
architect,  planning  and  technology,  will  share  the  pros 
and  cons  of  his  company's  initial  voice-over-IP  (VoIP) 
deployments.  What  are  the  ingredients  for  a  successful 
VoIP  implementation,  and  what  does  it  take  to  deploy  it 
in  a  large  corporation?  Susan  Knott,  global  network 
architect  at  PricewaterhouseCoopers,  also  will  present. 


Network  storage 
strategies 
9  a.m.  to  4  p.m. 


Jon  William  Toigo 


Described  as  “bringing  sanity"  to  the  subject  of  net¬ 
worked  storage,  this  daylong  conference  will  examine 
how  network-attached  storage,  storage-area  networks 
and  the  emerging  NAS/SAN  hybrid  could  be  deployed 
cost-effectively.  With  sessions  titled  “Extraordinary  popu¬ 
lar  delusions  and  the  madness  of  SANs,"  and  "The  Holy 
Grail  of  networked  storage  management,"  the  conference 
should  be  informative  and  entertaining. 

Attendees  should  come  away  from  this  conference,  led 
by  independent  consultant  and  author  Jon  William  Toigo, 
with  a  knowledge  of  the  capabilities  and  limitations  of 
networked  storage,  plus  how  the  technology  might  best 
be  deployed  in  your  organization. 


MPLS:  The  good,  the  bad  and  the  ugly 

11:30  a.m.  to  12:30  p.m. 

Billed  by  Network  World  Global  Test  Alliance  as  the 
protocol  that  could  lead  to  less-expensive  and  faster 
WAN  connections,  MPLS  is  being  pushed  into  service 
providers’  networks  so  that  network  executives  will  no 


ILabs  to  hit  on  wireless 
security,  iSCSI  and  MPLS 

Network  World  is  the  sponsor  of  the  InteropNet 
Labs  (iLabs),  N+I’s  live  test  bed  designed  to  give 
attendees  hands-on,  unbiased  insight  into  the 
state  of  emerging  technologies.  ILabs  is  located 
on  the  show  floor,  open  to  all  attendees,  and  runs 
during  exhibition  hours.  A  team  of  volunteer  net¬ 
work  engineers,  including  Network  World  Test 
Alliance  partner  Joel  Snyder  of  Opus  One,  will 
conduct  these  testing  demonstrations. 

ILabs  Atlanta  will  focus  on  wireless  LAN 
Security  where  engineers  will  test  802.1X, 
Extensible  Authentication  Protocol  and  IPSec 
interoperability;  IP  storage  networking  based  on 
iSCSI  technology;  and  MPLS  where  testers  will 
implement  interoperable  point-to-multipoint  Layer 
2  VPNs. 

For  a  schedule  of  free  classes,  go  to  www.ilabs. 
interop.net. 


longer  have  to  build  large  WAN  infrastructures.  This  ses¬ 
sion  describes  MPLS  technology  today  and  reports  on 
enhancements  anticipated  during  the  next  year.  Led  by 
Steven  Taylor,  president  of  Webtorials  and  co-author  of 
Network  World's  twice-weekly  WAN  newsletters,  the 
speakers  include  Irwin  Lazar,  practice  manager  at 
Burton  Group;  Tim  Halpern,  product  director  of  frame 
relay  and  ATM  at  AT&T;  and  Barry  Tishgart,  director  of 
product  management  at  Sprint. 

VPNs:  Matching  needs  to  speeds  and  feeds 

3:30  to  4:15  p.m. 

If  you  can’t  attend  the  special  VPN  days  Monday  and 
Tuesday,  you  might  want  to  sit  in  on  this  session.  John 
Doyle,  director  of  intelligent  Internet  product  marketing 
at  Nortel  will  give  an  overview  of  the  available  VPN 
options  on  the  market.  He  will  aim  to  unravel  the  con¬ 
fusing  choices  —  IP  VPNs,  VPNs  with  or  without  MPLS, 
and  frame  relay  VPNs  —  and  talk  about  the  security 
and  convergence  issues  surrounding  this  remote  access 
technology. 
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In  other  words 

A  glossary  of  DoS  terms 
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ACK  floods  —  An  attack 
that  sends  a  large  number  of 
TCP  packets  with  the  ACK 
flag  set  to  a  target. 

Denial  of  service  (DoS) 

—  When  an  attack  is 
launched  against  a  target 
system  or  network  that  pre¬ 
vents  valid,  authorized  users 
from  accessing  resources. 

Distributed  denial  of 
service  —  When  many  sys¬ 
tems  launch  a  DoS  attack 
against  one  specified  target. 

Fraggle  —  A  DoS  attack 
that  sends  User  Datagram 
Protocol  (UDP)  Internet 
Control  Messaging  Protocol 
(ICMP)  echo  packets  to  net¬ 
work  broadcast  addresses. 

ICMP  flood  —  An  attack 
that  sends  a  large  number  of 
ICMP  packets  to  a  target. 

Jolt2  —  A  DoS  attack  cre¬ 
ated  by  sending  a  large  num¬ 
ber  of  fragmented  IP  pack¬ 
ets  to  a  target.  The  target 
system  will  use  100%  of  its 
resources. 

Land  —  A  DoS  attack,  with 
a  spoofed  source  IP  address, 
that  makes  a  connection 
attempt  on  a  system  that 
appears  to  be  from  the  same 
IP  address/port,  confusing 
the  system  and  causing  the 
TCP/IP  stack  to  lock. 

Mstream  —  A  client/server 
distributed  DoS  tool. 


Test  shows  there  are  several  varied,  viable  options 
that  help  defend  your  network  against  attacks. 


■  BY  MANDY  ANDRESS,  NETWORK  WORLD  GLOBAL  TEST  ALLIANCE 


There’s  more  than  one  way  to  skin  a  denial-of-service  attack,  but  first  you’ve 
got  to  catch  it.Two  years  after  the  well  publicized  attacks  on  Yahoo,  eBay  and 


Naptha  —  A  new  breed  of 
sophisticated  DoS  attacks 
that  can  consume  all  net¬ 
work  connections  on  a  target 
system.  Naptha  starts  with  a 
SYN  flood,  but  it  can  then 
send  the  corresponding 
ACK,  keeping  the  TCP/IP 
session  open  even  longer  on 
the  target  system. 


CNN,  DoS  attacks  are  still  very  prevalent  —  they  just  aren’t  discussed. The 
advent  of  new  attack  technologies,  such  as  Naptha  and  Reflective  DoS 
attacks,  are  making  the  process  of  protecting  networks  even  more  difficult. 

In  a  perfect  world, your  ISP  would  detect  and  deal  with  the  growing  num¬ 
ber  of  these  attacks  on  its  end.  But  because  many  ISPs  do  not  want  to  take 
on  the  added  burden  and  legal  responsibility  to  provide,  or  claim  to  provide 


Opentear  —  A  DoS  attack 
that  sends  fragmented  UDP 
packets  to  random  ports  on 
the  target  machine.  The 
source  IP  addresses  are  ran¬ 
domized.  The  target  system 
will  use  100%  of  its  resources 
and  might  reboot. 

Pimp2  —  A  DoS  attack  that 
sends  random  Internet  Group 
Management  Protocol  pack¬ 
ets  to  the  target  system. 


DoS  protection,  you’ll  most  likely  have  to  deal  with  DoS  attacks  —  whether 
they  are  randomized  DoS,  general  distributed  DoS  or  reflective  distributed 
DoS  —  on  your  own. 

On  the  market  today  is  a  range  of  vendors  providing  DoS  attack-detection 
and  mitigation  products.  How  each  product  approaches  the  problem  runs 
the  gamut.  Signature  vs.  anomaly  detection.  Inline  vs.  network  tap.  Active  vs. 
passive.  Who  does  what  and  how  does  it  all  work? 


See  DoS,  page  44 


(©server 


Linux  '  ready  with  self-managing  features  for  every  e-business. 


Intel  -based  /  xSeries™ 

It’s  an  affordable  and  powerful 
combination  of  mainframe- 
inspired  reliability  and  smart 
systems  management  tools. 


UNIX®  /  pSeries 

Highly  available,  highly  affordable 
and  highly  coveted.  The  pSeries  is 
the  platform  of  choice  for  powerful 
UNIX  and  Linux  solutions. 


Midrange  /  ISeries™ 

Brings  easy-to-deploy,  plug  and 
play  e-business  to  your  business. 
Sophisticated  technology  that’s 
easy  to  manage  and  Linux  ready. 


Mainframe  /  zSeries™ 

Maximum  reliability,  maximum  power, 
maximum  flexibility.  Designed  for  up  to 
99.999%  uptime1  to  handle  the 
demands  of  today’s  e-businesses. 


Winning  through  server  consolidation.  Winnebago  Industries  lives  by  its  e-mail  system.  By  consolidating  its 
functions  onto  one  IBM  (©server  zSeries  running  Linux,  the  company  created  an  industrial-strength  e-mail 
system,  and  saved  on  software  licensing  fees  in  the  process.  For  a  complimentary  guide  on  server  consolidation, 
visit  ibm.com/eserver/winnebago  (©£*«* -fay*. 


'Requires  Parallel  Sysplex’  environment.  All  numbers  and  results  reported  are  from  customer  sources.  This  customer  example  is  intended  as  an  illustration  only.  Costs  and  results  obtained  in  other  customer  environments  will  vary  depending, 
among  other  things,  on  individual  customer  configurations  and  conditions.  IBM.  the  e-business  logo,  e-business  is  the  game.  Play  to  win.  iSenes.  pSeries.  xSeries.  zSeries  and  Parallel  Sysplex  are  trademarks  or  registered  trademarks  of 
International  Business  Machines  Corporation.  Linux  is  a  registered  trademark  of  Linus  Torvalds.  Intel  is  a  registered  trademark  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  UNIX  is  a  registered  trademark  of 
The  Open  Group.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©  2002  IBM  Corporation.  All  rights  reserved. 


RC8  —  A  DoS'tocJ ■■■ 
f  t&ocfe  a  targ'^^jt^jjDP 
packets. 

■  . 

Reflective DDoS  attack 

—  A  newtwist  on  distrib¬ 
uted  DoS  attacks  in  which  a 
SYN  flood  attack  is  sent  to  a 
large  Web  site,  but  the  pack¬ 
ets  have  a  spoofed  source  IP 
of  the  real  attack  target.  The 
Web  site  replies  to  this  large 
number  of  SYN  requests, 
sending  its  responses  to  the 
•spoofed  "target"  IP  address. 
To  the  target,  it  looks  like  the 
large  Web  site  is  launching  a 
DoS  attack  against  them. 


Stacheldracht  —  A  dis¬ 
tributed  DoS  attack  tool  that 
encrypts  communication 
between  the  attacker  and 
Stacheldracht  master 
servers.  It  also  provides  auto¬ 
matic  updates  of  infected 
systems. 


SYN  floods  —  A  type  of 
DoS  attack  where  a  large 
number  of  TCP  SYN  packets 
(the  first  packet  in  a  TCP/IP 
connection),  usually  with 
spoofed  source  IP  address¬ 
es,  are  sent  to  a  target.  The 
target  system  replies  with 
the  corresponding  ACK 
packet  and  waits  for  the  final 
packet  of  the  TCP/IP  three- 
way  handshake.  Because  the 
source  IP  address  of  the  ini¬ 
tial  packet  was  spoofed,  the 
target  never  will  receive  the 
final  packet,  leaving  it  to  hold 
TCP/IP  sessions  open  until 
they  time  out.  A  SYN  flood 
causes  so  many  TCP/IP  open 
sessions  that  the  system 
becomes  overwhelmed  and 
cannot  handle  lany-jmore  net¬ 
work  traffic.  - 


Synk4  —  A  SYN  flood  DoS 
attack. 


Targa3  —  A  DoS  attack 
that  sends, malformed 
TCP/iP  packets  to  a  target 
.system,  causing  it  to  con- 
.sume.-10Q%  of  its  resources, 
having  tne  TCP/IP  stack  lock 
Examples  of  packet  malfor- 
mat ;6ns' 'indude  invalid  frag- 
modt$rqacket  size  and  off- 


DoS 

continued  from  page  41 

We  invited  a  group  of  vendors  into  our 
lab  to  help  discern  the  advantages  and 
disadvantages  of  each  approach.  Asta 
Networks,  Captus  Networks,  CS3,  Lancope, 
Mazu  Networks,  Radware  and  Webscreen 
agreed  to  participate  in  our  review.  App- 
Safe,  Arbor  Networks,  CacheFlow,  Check 
Point  Software,  Extreme  Networks,  Flood- 
Guard,  Internet  Security  Systems,  IntruVert, 
NetScreen,  Reactive  Network  Solutions, 
Recourse  Technologies,  Riverhead  and 
TopLayer  Networks  declined. 

Our  tests  determined  that  these  prod¬ 
ucts  all  work  about  the  same  in 
detecting  attacks,  with  most  of  the  prod¬ 
ucts  detecting  95%  of  the  attacks  we 
launched  (see  online  chart  at  www. 
nwfusion.com,  DocFinder:  202 1). The 
deciding  factor  lies  in  the  mitigation 
techniques  available  to  you.  How  con¬ 
cerned  are  you  that  valid  traffic  still 
needs  to  pass?  How  much  control  do 
you  want  over  the  process?  What  type  of 
reports  and  how  much  data  do  you  want 
to  have  available  to  you?  Once  you  have 
answered  those  questions, you  quickly 
will  be  able  to  narrow  down  the  top 
choices  for  your  environment. 


In-line  products 


Captus  CaptIO  and  CaptCC 


Captus  provides  the  most  granular 
product  we  evaluated,  but  it  could  be 
more  cohesive  and  easier  to  administer. 
Captus  provides  two  devices:  CaptIO  is 
the  inline  DoS  device,  and  CaptCC  is  the 
centralized  management  appliance  that 
can  control  multiple  CaptIO  devices. 

You  can  configure  and  manage  CaptIO 
through  a  built-in  Web  graphical  user 
interface,  but  CaptCC  provides  for  multi¬ 
ple  devices  and  some  advanced  GUI 
functionality.  Overall,  only  basic  manage¬ 
ment  functionality  is  available  through 
either  GUI  —  most  management  is  per¬ 
formed  via  the  command  line. 

Captus  representatives  installed  their 
product  in  our  test  lab. The  first  installa¬ 
tion  was  a  disaster,  with  the  CaptIO  and 
CaptCC  devices  having  problems  that 
rendered  them  useless.  A  second  installa¬ 
tion  attempt  with  brand  new  boxes  went 
smoothly.  As  recommended  by  Captus, 
CaptIO  and  the  CaptCC  resided  on  a 
completely  different  subnet  than  the 
monitored  networks. 

Captus  products  use  a  technology 
called  Traffic  Limiting  Intrusion  Detection 
System  (TL1DS),  which  are  defined  as 
rules, similar  to  firewall  rules.TLIDS  rules 
can  be  defined  on  any  of  the  devices 
interfaces.  In  reality,  CaptIO  functions 
much  like  another  firewall  on  your  net¬ 


work.  You  can  define  what  protocols  can 
be  allowed  through  the  device,  what  traf¬ 
fic  levels  you  should  expect  and  what 
SYN  buckets  to  manage  SYN  floods.  As 
with  any  baseline-based  product,  its  effec¬ 
tiveness  depends  on  how  accurately  your 
thresholds  are  set.  Captus  does  not  pro¬ 
vide  a  threshold  analyzer,  but  it  does  pro¬ 
vide  rate  throttling, slowing  the  connec¬ 
tion  rate,  opening  bandwidth  to  let  legiti¬ 
mate  connections  pass. 

Captus  administration  is  a  bit  frustrating 
and  can  seem  a  bit  redundant  when 
working  with  your  firewall.  If  you  config¬ 
ure  CaptIO  as  recommended,  blocking 
all  ports  except  those  that  are  allowed, 
you  will  configure  any  changes  in  at  least 
two  places  —  your  gateway  firewall  and 
CaptlO/CC.  While  it  provides  an  excellent 
defense-in-depth  architecture, TLIDS  rules 
could  be  a  bit  easier  to  configure. 

CaptIO  was  very  effective  at  identifying 
and  handling  our  DoS  attacks  when  the 
TLIDS  rules  were  defined  correctly.  Once 
you  understand  the  TLIDS  syntax  and 
options, you  can  have  very  granular  con¬ 
trol  over  your  network  traffic.  When  an 
attack  is  detected,  CaptIO  takes  action  as 
defined  in  the  appropriate  TLIDS  rule  and 
reports  information  to  a  syslog  server. 

Captus  reports  are  based  on  syslog  data 
and  use  a  Crystal  Reports  viewer  to  help 
analyze  the  syslog  data  and  render  it  into 
a  user-friendly  report.  In  addition  to  an 
improved  GUI,  we  would  like  to  see  an 
improved  reporting  infrastructure. 

Like  most  of  these  DoS  devices,  Cap¬ 
tus  runs  on  Linux  and  upgrades  are  as 
easy  to  install  as  any  traditional  Red 
Hat  RPM  application.  A  vulnerability 


assessment  scan  of  the  system  showed 
OpenSSH  vulnerabilities,  meaning  that 
an  attacker  potentially  could  compro¬ 
mise  it. 

Bottom  line 

Captus  Networks  CaptIO  and 
CaptCC 

www.captusnetworks.com 
Category:  Inline 

Cost:  CaptIO,  $  1 5,000;  CaptCC,  $8,500 
Advantage:  Most  flexible  and  granular 
configuration  options. 

Disadvantages:  First  install  attempt 
failed;  poor  reporting;  poor  GUI. 

Best  suited  for:  Organization  that 
wants  complete  control  over  all  configu¬ 
ration  aspects  of  the  device. 


Mazu  Networks  Enforcer  5.2 


Mazu  s  Enforcer  is  an  adaptive  distrib¬ 
uted  DoS  product,  watching  and  evaluat¬ 
ing  network  traffic  to  determine  what  is 
valid  and  what  is  malicious. The  Enforcer 
sits  inline  on  your  network  and  basically 
has  three  network  interfaces. Two  are 
used  for  traffic  monitoring  (one  sits  on 
the  “Internet"  side  and  one  sits  on  the 
“internal  network” side). These  interfaces 


How  we  did  it 


Passive  monitoring  devices  were  connected  to  a  spanning  port  on  the  Cisco 
Catalyst  3500  switch  on  our  target  network.  Inline  devices  were  placed 
between  our  attacker  and  target  networks,  in  front  of  the  target  network's 
gateway  firewall.  The  target  network  consisted  of  a  Red  Hat  7.2  system  running 
Apache,  Sendmail,  BIND  and  Secure  Shell,  and  a  Windows  2000  SP2  Server  run¬ 
ning  Internet  Information  Server.  The  attack  network  consisted  of  a  Red  Hat 
Linux  7.2  system  and  a  Win  2000  Professional  SP2  system. 

After  initial  setup  on  the  network,  we  ran  48  hours  of  valid  traffic,  consisting  of 
HTTP  requests,  DNS  requests,  mail  requests  and  SSH  connections  to  define  an 
adequate  baseline. 

We  launched  a  variety  of  attacks  against  the  target  network,  including  TFN 
SYN  flood,  Stacheldracht,  Fragger,  Mstream,  Jolt2,  Opentear,  RC8,  Pimp2,  Land, 
Targa3,  Naptha,  and  completely  randomized  source  IP/TCP,  User  Datagram 
Protocol  (UDP),  and  Internet  Control  Messaging  Protocol  SYN  and  ACK  floods. 
We  launched  attacks  in  phases.  Some  were  short  bursts,  others  were  sustained 
attacks  lasting  several  hours,  and  others  included  multiple  attacks  launched  at 
one  time. 

We  also  requested  a  2M-byte  file  located  on  the  Apache  server  several  thou¬ 
sand  times  in  rapid  success  to  see  if  a  sudden  increase  in  valid  connection 
attempts  were  identified  as  malicious.  To  test  identification  of  outbound  denial- 
of-service  (DoS)  attacks,  we  installed  Tribe  Flood  Network  2000  on  the  test  net¬ 
work  and  launched  an  attack  against  the  systems  on  our  attacker  network. 

To  evaluate  the  security  of  the  DoS  device,  we  launched  attacks  against  the 
device  itself  and  ran  Internet  Security  Systems'  Internet  Scanner  against  its  IP 
addresses  to  identify  any  known  vulnerabilities.  Because  most  devices  run  on 
the  Linux  operating  system,  vulnerabilities  in  Linux  could  lead  to  a  compromise 
of  the  DoS  device. 

—  Mandy  Andress 
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operate  in  promiscuous  mode  to  pick  up 
and  analyze  all  network  traffic.  It  then 
has  a  third  interface  specifically  for  man¬ 
agement  access  to  the  device. 

Enforcer  determines  its  baseline  of 
“normal”  traffic  by  analyzing  network 
traffic  for  a  period  of  time  as  set  by  the 
user, specifically  looking  at  packet  char¬ 
acteristics,  such  as  time  to  live,  payload 
and  hashes.The  longer  the  amount  of 
time  the  network  is  analyzed,  the  more 
accurate  your  baseline  will  be.  Enforcer 
analyzes  traffic  and  alerts  administrators 
when  traffic  that  exceeds  the  baseline 
thresholds  set  by  the  user.  Enforcer  will 
recommend  filters  to  be  installed  on  the 
device  (with  the  administrators  ap¬ 
proval)  to  remove  or  mitigate  the  identi¬ 
fied  attack.These  filters  take  an  all-or- 
nothing  approach,  though,  and  easily  can 
filter  out  valid  user  traffic.  However, you 
can  define  trusted  traffic,  and  these  pack¬ 
ets  never  will  get  dropped.  Additionally, 
when  running  in  passive  mode,  Enforcer 
will  just  recommend  access  control  lists 
that  should  be  installed  on  your  routers. 

Mazu  usually  installs  Enforcer,  installing 
the  product  in  our  test  lab.  Installation  is 
straightforward,  configuring  the  inline 
promiscuous  interfaces  and  manage¬ 
ment  connection.  Once  Enforcer  is  up 
and  running,  it  needs  to  monitor  network 
traffic  to  configure  a  baseline  that  best 


fits  your  network.  An  excellent  feature  in 
the  Enforcer  is  the  Threshold  Advisor,  a 
wizard  that  helps  you  determine  what 
your  baseline  thresholds  should  be  set  at 
based  on  a  period  of  traffic  analysis  you 
define.The  Enforcer  then  automatically 
can  configure  its  thresholds.  Enforcer 
administrators  also  can  change  any  of 
these  values  manually. 

For  SYN  flood  attacks,  you  define  sepa¬ 
rately  your  SYN  queue  parameters,  which 
determines  how  many  SYN  requests  can 
come  in  and  sit  there  without  receiving 
responses.  As  the  queue  fills,  older  open 
connections  are  dropped. 

The  main  page  on  Enforcers  administra¬ 
tion  interface  contains  an  overview  of 
what  is  happening  on  the  network  through 
a  combination  of  interface  packet  statis¬ 
tics  and  a  graph  of  traffic  types,  which  is 
completely  configurable.  We  had  trouble 
getting  the  graph  to  display  attacks  as 
they  occurred  and  discovered  timing  is 
an  issue  in  the  graphing  portion  of  the 
product.Traffic  analysis  and  counts  occur 
as  the  packet  enters  the  interface.The 
graph  is  created  based  on  the  timestamp 
of  the  packet.  If  timestamps  are  off,  the 
packets  will  not  be  displayed  properly, 
which  is  what  we  encountered. 

During  our  testing,  Enforcer  notified  us 
of  any  activity  that  exceeded  our  defined 
thresholds.  On  a  completely  random  TCP 


flood,  we  enabled  the  recommended  fil¬ 
ter  and  couldn’t  access  our  test  Web  site 
until  we  removed  the  filter.  Like  many  of 
the  distributed  DoS  products,  Enforcer 
runs  on  Linux  and  a  vulnerability  assess¬ 
ment  scan  of  its  interfaces  showed 
Secure  Shell  vulnerabilities  on  the  man¬ 
agement  interface.  Enforcer  is  good  at 
identifying  high-level  traffic  flows  that 
exceed  defined  thresholds,  but  it  will  not 
solve  all  your  problems.  Enforcer  picked 
up  a  sync4  attack  against  a  system,  but 
by  then  it  was  too  late  —  the  target  sys¬ 
tem  was  already  unresponsive,  and  the 
Web  server  needed  to  be  restarted  to 
function  properly. 

Bottom  line 

Mazu  Networks  Enforcer  5.2 

www.mazunetworks.com/ 

index.html 

Category:  Inline  device 
Cost:  Starts  at  $32,000 
Advantage:  Threshold  Analyzer 
Wizard  guides  users  well. 

Disadvantages:  All-or-nothing  filters 
that  can  block  valid  traffic;  reliance  on 
Network  Time  Protocol  timing  synchro¬ 
nization  can  lead  to  reporting  glitches. 

Best  suited  for:  Organization  looking 
for  inline  device  that  does  not  require  accu¬ 
rate  attack  blocking  on  spoofed  source  IP 
attacks  to  let  legitimate  traffic  pass. 


Radware  FireProof  Appi?c  b 

Switch  i! 


The  Radware  Application  Switch  can 
perform  a  variety  of  functions,  including 
firewall  load  balancing,  network  switch¬ 
ing,  providing  application  security  protec¬ 
tion  and  protecting  networks  from  DoS 
attacks.  For  our  testing,  we  configured  the 
Application  Switch  to  run  its  DoS  Shield 
and  Application  Security  applications 
independently  —  it  was  not  acting  as  any 
other  type  of  device. 

The  Application  Switch  is  a  signature- 
based  product,  comparing  a  sample  of 
network  traffic  (based  on  administrator- 
defined  parameters)  with  a  list  of  precon¬ 
figured  attacks.This  device  is  better  than 
the  other  devices  tested  at  catching  those 
one-packet  attacks  that  can  take  down  a 
system  and  will  not  necessarily  be  picked 
up  by  an  anomaly-  or  baseline-based 
product.  When  an  attack  is  detected,  the 
Application  Switch  takes  action,  as 
defined  by  the  administrator,  which 
includes  reporting  or  blocking  the  offend¬ 
ing  packets.  Our  testing  found  this  option 


Detecting  DoS  attacks  before  they  disable  your  network 

In  our  issue-based  test  of  products  that  help  network  professionals  detect  and  stop  denial-of-service  attacks,  we  looked  at  three  basic  product 
configurations:  those  that  sit  inline  between  your  firewall  and  the  Internet,  those  that  use  a  network  tap  to  pull  traffic  from  the  network  and  those  that 
sit  behind  the  firewall  on  your  internal  network. 
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Advantages:  Catches  all 
traffic.  Provides  a  mechanism 
to  act  on  problem  traffic  easily. 


Supporting  product: 

Mazu,  Radware,  Captus, 
Webscreen. 
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O  Network  tap 
listens  on  the 
network  and 
takes  samples 
of  traffic. 


©  DoS  device  pulls  data 
from  network  tap, 
analyzing  it  for  potential 
attacks  or  characteristics 
that  do  not  adhere  to  a 
defined  baseline. 


©  These  devices  usually 
just  generate  alerts  and 
recommend  solutions 
such  as  ACL  fitters  on 
how  to  best  deal  with 
the  identified  issue. 


Advantages:  Network  tap 
devices  do  not  introduce  a 
point  of  failure  on  the  network. 


Supporting  product: 

Asta,  Lancope. 
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O  This  device  focuses 
on  monitoring 
internal  network 
traffic. 


©  Device  uses  its  own 
algorithm  to 

determine  malicious 
from  valid  traffic. 


©  Product  will  block 
malicious  traffic. 


Advantages:  Quick 
detection  of  internal  machines 
acting  as  DoS  zombies  and 
launching  DoS  attacks  on 
unsuspecting  targets. 


Supporting  product: 

CS3 
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to  be  successful  Malicious  traffic  was 
blocked,  but  valid  traffic  was  allowed  to 
pass.This  device  did  not  generate  any 
alerts  on  our  outbound  DoS  attack 
because  it  only  appears  to  analyze 
inbound  connections  from  the  external 
network.  It  also  did  not  identify  the  sud¬ 
den,  rapid  increase  in  Web  traffic  as 
anomalous. 

Installation  was  very  simple. We  config¬ 
ured  an  administrative  port  in  addition  to 
the  network  interfaces  monitoring  network 
traffic.  Management  occurs  through  a  local 
Web  server  or  a  Java  management  con¬ 
sole.  After  enabling  the  Application  Switch 
and  DoS  Shield,  we  set  application  aging 
protocols,  which  are  useful  for  dropping 
“old”  connections. We  also  set  the  tracking 
time  and  threshold  limit  forSYN  attacks, 
TCP  port  scan,  User  Datagram  Protocol 
floods, ping  floods  and  UDP  port  scans. 

A  vulnerability  assessment  scan  of  the 
management  port  showed  a  Web  server 
chunked  encoding  vulnerability  —  a  new 
type  of  Web  server  vulnerability  released 
a  few  weeks  ago.  With  this  vulnerability,  an 
attacker  could  disable,  compromise  or 
change  configuration  of  the  device. 

Because  Radware  is  not  installed  on  a 
base  Linux  server, you  must  wait  for  the 
vendor  to  release  a  new  firmware  update 
to  fix  security  issues.  Additionally  new 
attack  signatures  are  updated  only 
through  new  firmware  releases.  Firmware 
updates  are  released  every  few  months 
and  they  are  very  easy  to  install. 

Bottom  line 

Radware  FireProof  Application 
Switch  II 

www.radware.com 

Category:  Inline 

Cost:  $28,000 

Advantage:  Catches  single  packet 
attacks  and  other  known  attack  types. 

Disadvantage:  Updates  available  only 
via  new  firmware. 

Best  suited  for:  Organization  looking 
for  a  signature-based  product  or  looking 
to  combine  DoS  protection  with  load 
balancing. 

Webscreen  WS100 


The  WS100  is  an  inline,  passive  device 
with  a  separate  management  interface. 
The  device  acts  as  a  bridge  between  net¬ 
works,  with  the  passive  interfaces  not 
even  having  IP  stacks  bound  to  them. 
This  helps  protect  the  DoS  device  from 
being  attacked  itself. 

Webscreen  uses  heuristics  to  identify 
anomalous  or  malicious  traffic  and  drops 
traffic  as  necessary.  Webscreen  s  Charm 
technology  analyzes  network  traffic  for 
behavioral  characteristics  and  decides 
which  traffic  is  malicious  and  which  traf¬ 
fic  is  valid. 

Installation  and  setup  was  simple.  We 
configured  it  through  its  Web-based  man¬ 


agement  program,  defining  inbound  TCP 
ports,  inbound  UDP  ports,  inbound 
Internet  Control  Message  Protocol  types 
and  IP  protocols. We  also  defined  server 
parameters,  such  as  TCP  backlog  per 
port,  maximum  connections  and  total 
TCP  backlog.  Webscreen’s  products  are 
optimized  to  protect  Web  servers,  so 
much  of  the  configuration  information 
focuses  on  the  specific  characteristics  of 
your  Web  server  farm. 

In  our  testing,  the  WS100  was  the  most 
accurate  at  identifying  attacks  and  miti¬ 
gating  attack  traffic  to  let  valid  traffic 
pass.  Its  reporting  infrastructure  could 
be  improved  to  provide  more  detailed 
information  and  graphs.  Currently,  it  only 
provides  text-based  statistical  displays. 
One  interesting  piece  of  information  the 
WS100  does  provide  is  a  list  of  the  top- 
20  offending  IP  addresses  that  attack 
your  network. 

Bottom  line 

Webscreen  WS100 
www.webscreen-technology.com 
Category:  Inline 
Cost:  Starts  at  $23,000 
Advantages:  Almost  invisible  on  the 
network;  best  overall  performance; 

Charm  technology  helps  identify  mali¬ 
cious  traffic. 

Disadvantage:  No  graphs  in  reporting. 
Best  suited  for:  Optimized  to  protect 
Web  server  farms. 


Network  tap  products 


Asta  Networks  Vantage 
System  2.0 

networks 

The  Vantage  System  is  a  network-moni¬ 
toring  appliance  that  hangs  off  a  switch 
or  network  tap  on  the  network  and  pulls 
traffic  statistics  from  Cisco,  Foundry 
Networks  or  Juniper  Networks  gear  on 
your  network. You  also  can  place  the 
device  on  a  spanning  port  on  a  switch  to 
gather  traffic  data.  It  collects  data  in  real 
time,  but  there  is  a  slight  delay  as  it  is  sent 
to  the  device  and  analyzed. The  system 
continuously  analyzes  network  traffic  to 
determine  characteristics  and  will  alert 
administrators  when  traffic  occurs  out¬ 
side  of  a  defined  threshold.  Administrat¬ 
ors  define  network  policies  to  help  the 
product  determine  valid  traffic  levels. 

When  an  attack  is  identified,  the 
Vantage  System  will  start  classifying  the 
data,  recording  and  reporting  details  of 
the  attack  to  administrators.The  Vantage 
System  also  will  provide  access  control 
lists  and  recommendations  on  how  to 
mitigate  the  effects  of  the  attack.The  sys¬ 
tem  does  not  provide  any  automatic  filter 
or  attack  mitigation  options. 

Installation  and  configuration  are  easy 
with  this  device.  We  connected  the  appli¬ 
ance  to  a  spanning  port  we  configured 


on  our  Cisco  Catalyst  3500  switch  and 
were  up  and  running  in  no  time.  System 
management  occurs  through  a  Web- 
based  console. 

Of  all  the  products  we  evaluated,  the 
reporting  capabilities  in  the  Vantage 
System  were  the  best.  The  level  of  detail 
and  granularity  about  the  packets  and 
statistics  analyzing  the  system  were 
unmatched.  We  could  see  every  detail  of 
the  malicious  traffic,  down  to  the  individ¬ 
ual  packets  involved. 

On  the  downside,  the  Vantage  System 
was  slower  to  alert  us  to  attacks,  taking 
a  good  minute  or  two  to  categorize  the 
traffic. 

The  Vantage  System  also  runs  on  a 
Linux-based  server  appliance,  so  you 
need  to  be  conscious  of  attacks  that 
could  be  launched  directly  against  the 
system.  A  vulnerability  assessment  scan 
shows  OpenSSH  vulnerabilities. 

Bottom  line 

Asta  Networks  Vantage  System  2.0 
www.astanetworks.com 

Category:  Network  tap 

Cost:  Starts  at  $8,000. 

Advantage:  Very  detailed  reporting 
information. 

Disadvantage:  No  autofilter  option; 
slow  identifying  attacks. 

Best  suited  for:  Organization  looking 
for  an  alert-only  device. 


Lancope  StealthWatch  Ml  00 


The  StealthWatch  M100  is  another  pas¬ 
sive  monitoring  product,  marketed  as  an 
intrusion-detection  system  (IDS),  that 
detects  attacks  based  on  defined  thresh¬ 
olds  and  baselines.  StealthWatch  uses  a 
Concern  Index  and  Services  Profiler, 
algorithms  and  security  logic  Lancope 
developed  to  determine  attack  traffic.  It 
builds  a  profile  of  a  suspected  attack  and 
alerts  administrators  only  when  the 
Concern  Index  of  the  suspicious  activity 
reaches  the  administrator-defined  thresh¬ 
old.  When  an  attack  is  identified,  the 
device  can  take  numerous  actions, 
including  sending  e-mails  and  pages,  and 
blocking  the  offending  connections. 

StealthWatch  also  watches  traffic  at  a 
more  granular  level  than  some  of  the 
other  products.The  Services  Profile  is 
mapped  down  to  an  IP  address,  whereas 
other  products  just  analyze  the  big-pic¬ 
ture  network  traffic. 

Setup  and  installation  of  StealthWatch 
went  very  well.  After  calling  Lancope  to 
obtain  the  administrator  password  (its 
standard  practice),  we  logged  on  to  the 
system  console  and  configured  the  IP 
address  of  the  management  connection. 
We  then  connected  to  the  system 
through  the  Web-based  GUI  to  complete 
the  configuration  process.  We  also  con¬ 
figured  the  device  to  run  in  build  and 
report  mode,  which  means  that  any  new 
services  identified  on  the  network  are 


added  to  the  profile  and  reported  to  the 
administrator. 

One  feature  we  liked  was  its  ability  to 
automatically  e-mail  daily  reports  to 
defined  administrators.  With  this  feature, 
administrators  can  have  the  previous 
day’s  reports  waiting  in  their  inboxes  the 
next  morning  instead  of  having  to 
remember  to  log  on  to  the  system  and 
check  status  or  rely  on  alerts  when 
attacks  occurs.  Administrators  also  can 
set  specific  inbound  IP  addresses  for  a 
watch  list.  Any  time  traffic  is  detected 
from  an  address  on  the  watch  list,  a  spe¬ 
cial  report  is  generated.You  can  config¬ 
ure  the  reverse,  defining  addresses  that 
cannot  trigger  an  alarm,  regardless  of 
what  traffic  it  is  sending  or  receiving. 

One  problem  with  StealthWatch  is  that 
its  Service  Profiles  are  defined  by  IP 
address.  If  your  network  uses  Dynamic 
Host  Configuration  Protocol  (DHCP), 
your  Service  Profiles  will  not  be  accu¬ 
rate.  In  this  scenario,  Lancope  recom¬ 
mends  defining  Service  Profiles  by  IP 
address  ranges  equivalent  to  your 
DHCP  scope. 

We  first  defined  our  Concern  Index 
levels  for  inside  and  outside  hosts.  We 
set  these  levels  at  the  midrange  level. 
Setting  them  too  high  potentially  will 
cause  the  device  to  miss  attacks,  while 
setting  it  too  low  creates  a  large  number 
of  false  positives.  In  our  testing,  Stealth¬ 
Watch  performed  very  well,  identifying 
and  mitigating  all  attacks  we  launched 
during  our  test. 

As  with  the  majority  of  the  rest  of  these 
products,  StealthWatch  runs  on  Linux.  A 
vulnerability-assessment  scan  showed 
OpenSSH  vulnerabilities. 

Bottom  line 

Lancope  StealthWatch  M100 
www.lancope.com 

Category:  Network  tap 

Cost:  $20,000 

Advantages:  Anomaly-based,  but 
catches  nonflood  attacks;  Concern  Index 
and  Services  Profile  to  identify  malicious 
traffic. 

Disadvantage:  Has  problems  working 
in  DHCP  networks. 

Best  suited  for:  Organizations  looking 
for  a  combined  IDS  and  DoS  product. 


Internal  DoS  product 


CS3  MANANet  Reverse  Firewall 
Version  1.10 


The  MANANet  Reverse  Firewall  takes  a 
different  approach,  focusing  on  preventing 
DoS  attacks  from  leaving  your  network. 

To  achieve  this,  the  Reverse  Firewall 
implements  two  critical  functions:  fair 
service  to  visible  sources  and  rate  limit¬ 
ing  of  unexpected  packets.  In  terms  of 
fair  service  to  visible  resources,  the 
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reverse  firewall  focuses  on  additional 
path  information  that  has  been  added  to 
the  packet,  such  as  the  packet’s  source 
data.  Rate  limiting  of  unexpected  packets 
focuses  on  restricting  the  amount  of 
bandwidth  available  to  traffic  floods  — 
those  packets  that  are  sent  to  the  target 
but  will  never  send  responses. 

CS3  also  pushes  router  “cooperability” 
—  network  routers  working  together  to 
identify  distributed  DoS  traffic  and  pre¬ 
vent  it  from  causing  damage.  MANANet 
is  designed  to  identify  other  routers 
working  in  this  cooperative,  accepting  all 
traffic  from  them  as  trusted  packets.  CS3 
refers  to  this  as  the  Path  Enhanced  IP 
Configuration. 

As  with  most  of  the  other  devices, 
MANANet  Reverse  Firewall  runs  on 
Linux,  but  it  also  uses  iptables/netfilter 
firewall  functionality  CS3  suggests  users 
replace  their  existing  firewalls  with 
MANANet  by  just  using  the  iptables  func¬ 
tionality.  The  Reverse  Firewall  also  can 
be  used  to  protect  internal  network  seg¬ 
ments,  not  just  your  Internet  connection. 

Installation  and  setup  was  difficult  and 
complex.  Initial  setup  required  a  floppy 
disk  from  CS3  with  data  specific  to  the 
appliance  you  buy. The  data  on  this  floppy 
disk  must  be  adequately  backed  up  and 
protected  because  your  device  will  not 
work  without  it.  Once  you  have  completed 
the  setup  process,  you  can  manage  the 
device  through  a  Web-based  GUI. 

Using  the  GUI,  we  set  traffic  rate  limits 
and  established  how  we  wanted  to  be 
notified  of  attacks,  via  e-mail  in  our  case. 
We  also  set  how  often  we  wanted  the  sys¬ 
tem  to  check  to  see  if  an  attack  was 
occurring,  as  these  are  not  automatic. You 
must  configure  the  notification  engine  to 
check  every  X  minutes  and  advise  it  what 
threshold  of  dropped  packets  you  need  to 
see  before  an  alert  is  sent. 

The  MANAnet  Reverse  Firewall  per¬ 
formed  well  in  our  tests,  catching  all  of 
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our  attacks.  Being  the  lowest  priced 
product  of  the  group,  its  price/perfor¬ 
mance  ratio  is  high,  but  the  device 
lacked  detailed,  in-depth  reporting  and 
alerting  functionality. 

Bottom  line 

CS3  MANAnet  Reverse  Firewall 
Version  1.10 


www.cs3-inc.com 

Category:  Works  inline  or  tap 

Cost:  $4,000 

Advantages:  Takes  a  different 
approach  with  cooperative  routing. 

Disadvantage:  Most  difficult 
installation. 

Best  suited  for:  Internal  network  sub¬ 
nets. 


Andress  is  principal  of  ArcSec,  a  security 
consulting  firm  in  the  Bay  Area.  Sh  has 
written  several  books,  including  Surviving 
Security,  and  is  active  on  the  conference  cir 
cuit,  speaking  at  Black  Hat,  NetWorld + 
Interop  and  numerous  other  conferences. 
She  can  be  reached  at  mandy@arcsec.com. 
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State  off  the  WAN:  Fine-Tuning  Your  Wide-Area  Infrastructure 
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TOWNMEETING 

Where  Technology  Leaders  Answer  to  You 
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Join  us  in  a  city  near  you! 

September  25 

Chicago,  IL 

September  26 

Richardson,  TX 

October  2 

New  York,  N  Y 

October  3 

Washington,  DC 

October  8 

San  Diego,  CA 

October  9 

San  Jose,  CA 

This  FREE  one-day  Network  World  event  puts  the  pieces  together  and  shows 
you  how  to  reduce  costs  and  maximize  the  value  of  your  WAN  infrastructure! 


What  We'll  Cover 

■  The  latest  improvements  to  frame 
relay  networks. 

■  How  new  features  of  IP-enabled  VPNs 
help  you. 

■  Pros  and  cons  of  voice  over  IP 
deployments. 

■  Improving  your  WAN  with  bandwidth 
enhancement  techniques. 

■  Quantifying  the  return  on  a  sound 
WAN  investment. 

■  Methods  for  securing  remote  access  systems. 


Learn  from  the  experts 
Dr.  Jim  Metzler,  founder  of 
Ashton,  Metzler  &  Associates, 
and  Sandra  Gittlen,  events 
editor  of  Network  World. 


Bonus  -  Attend  and  have  a  chance  to  win  a 
$200  American  Express  Gift  Cheque  for  the 
best  question  of  the  day. 


Register  online  today  at 

www.networkworld.com/events/wan/register.jsp  or  call 
1-800-643-4668.  Seating  is  limited  so  register  today! 

This  event  is  limited  to  qualified  IT  professionals  currently  involved  in  the  evaluation  and  purchase  of  WAN  products  and  services. 
Network  World  reserves  the  right  to  determine  the  total  audience  profile. 
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To  sponsor  this  event,  contact  Andrea  DAmato  at  508-490-6520  or  adamato@nww.com. 
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Staffing  for  convergence 

Joining  voice  and  data  pros  calls  for  thought  about  how  you’ll  ramp  up  staff  and  divvy  up  duties. 


■  BY  PHIL  HOCHMUTH 

Converging  voice  and  data  onto  one  network  can  be  a  daunting 
task  for  any  organization,  but  merging  and  molding  IT  profes¬ 
sionals  to  handle  voice  and  data  duties  successfully  can  be  as 
challenging  as  the  technology  itself. 


Avoid  convergence  clash 

Users  and  experts  say  these  common-sense  guidelines  are  important 
for  ensuring  a  smooth  managerial  transition  when  rolling  out  a 
converged  network. 

Philosophy: 

Instilling  the  "one  network"  concept  is  important  when  starting  an  IP  telephony 
project.  It  is  especially  critical  to  impart  the  idea  that  the  stakes  are  raised  in 
terms  of  network  reliability  and  response  to  outages  and  problems  when  voice 
traffic  is  ported  to  IP. 

Training: 

Cross-training  workers  who  come  from  telecom-only  or  datacom-only  jobs  is  the 
most  crucial  part  of  a  convergence  project.  While  it  is  not  necessary  to  make  the 
"phone  guy"  an  IP  networking  expert,  and  vice  versa  for  LAN/WAN  folks,  cross¬ 
training  will  ensure  everyone  is  on  the  same  page. 

Organization: 

It  might  be  necessary  to  restructure  reporting  schemes  and  processes  for  dealing 
with  support  and  maintenance  of  the  network.  Best  practices  from  both  telecom 
and  datacom  camps  should  be  analyzed  and  considered  without  any  one  method 
or  philosophy  taking  over  the  operation. 


As  IT  executives  look  to  convergence  to 
reduce  costs  and  support  new  applica¬ 
tions,  they  also  need  to  consider  the 
staffing  implications.  Workers  in  the  voice 
and  data  departments  have  different 
skills  and  experience,  and  bringing  them 
together  on  a  single  team  will  require 
that  they  learn  some  new  technologies. 

On  the  campus  of  Delaware  State 
University  in  Dover,  a  new  phone  system 
called  for  training  and  changes  to  the 
school’s  help  desk  system.The  school 
recently  installed  a  Siemens  HiCom  300 
PBX  and  two  HiPath  3000  IP  PBXs  to  run 
voice  and  data  at  a  satellite  campus  50 
miles  away.  Digital  handsets  attached  to 
the  HiCom  PBX  connect  users  in  the 
main  administrative  office  buildings. 

The  dorms  and  remote  campus  build¬ 
ings  have  about  500  IP  handsets  linked 
to  the  HiPath  IP  PBXs.  Charles  Fletcher, 
assistant  provost  for  technology  and 
information  systems  at  the  school,  kept  a 
mix  of  IP  and  circuit-switched  phones  so 
he  wouldn’t  be  completely  reliant  on 
one  voice  technology. 

Before  the  Siemens  installation,  the 
university  used  a  Centrex 
system  from  Verizon.  While 
bringing  the  phone  system 
in-house  was  a  big  project 
on  its  own,  the  conver¬ 
gence  aspect  added 
another  wrinkle  to  staff 
management. 

“Everyone  knows  IP  in 
my  operation,”  Fletcher 
says.“The  area  that  has 
been  a  challenge  is  to  get 
IP  people  used  to  running 
voice*  Overall,  his  staff 
members  accepted  the 
new  telecom  responsibili¬ 
ties,  he  says,  and  were 
quick  studies  in  the  tech¬ 


nology. 

While  Fletcher  calls  his  network  well- 
managed,  he  concedes  that  network  out¬ 
ages  occasionally  take  time  to  be  re¬ 
solved.  With  voice  in  the  equation,  that 
had  to  change.“The  new  philosophy  we 
put  in  was  that  if  there  is  a  phone  issue, 
that  has  to  be  taken  care  of  much  more 
quickly  than  a  data  issue,  such  as  a 
crashed  laptop,”  he  says. 

Fletcher  devised  a  new  system  for 
reporting  technical  problems  via  e-mail 
and  phone,  and  prioritizing  them. The 
staffer  who  previously  managed  the 
Centrex  system  assumed  responsibility 
for  the  PBX. That  person  got  training  on 
the  Siemens  IP  and  circuit-switched 
PBXs,  while  the  rest  of  the  group  re¬ 
ceived  more  basic  training  on  trouble¬ 
shooting  and  administration. “The  ex¬ 
tensive  training  we  put  our  staff  through  1 
think  is  what  will  pay  off  in  the  long  run,” 
Fletcher  says. 

In  Daytona  Beach,  Fla.,  one  self-pro- 
claimed  “old  IT  dog”  did  most  of  the 
teaching  when  the  city  moved  to  a  con¬ 
verged  voice/data  IP  network. 

The  city  hired  five  IT  work¬ 
ers  to  install  and  manage 
two  IP-enabled  Meridian 
PBXs  from  Nortel  to  replace 
a  Centrex  system.  Nortel 
Business  Communications 
Manager  IP  PBXs  let  workers 
use  IP  phones  to  connect  to 
the  main  Meridian  systems 
over  a  Gigabit  Ethernet  met¬ 
ropolitan-area  network.  Back 
in  the  larger  offices,  digital 
Nortel  handsets  connect 
directly  to  the  PBX. 

Gene  McWilliams,  IS  direc¬ 
tor  for  the  city,  says  that 
instilling  the  right  philosophy 
about  voice  from  the  pro¬ 


ject’s  inception  was  key  Although 
McWilliams  has  worked  with  voice  and 
data  for  more  than  20  years, some  of  his 
staff  members  in  their  mid-thirties  came 
from  the  “point-and-click”  generation  of 
Windows  PCs.’The  thing  is,  I  never  told 
them  there  was  a  difference  —  data  is 
data,  transmission  is  transmission  is  our 
philosophy  he  says. 

McWilliams  sent  staff  for  training  on  the 
Nortel  PBXs,  and  he  helped  reduce  the 
learning  curve  with  his  own  experience 
with  Nortel  switches.  His  goal  in  picking 
his  staff  of  17  was  to  hire  workers  who 
could  adapt  and  handle  a  diverse  set  of 
technologies."!  didn’t  take  telecom  peo¬ 
ple  and  try  to  make  them  into  datacom 
staff,”  he  says.“I  really  didn’t  take  data  peo¬ 
ple  and  cram  phone  technology  down 
their  throat  either.  I  said  this  is  a  new  road; 
this  is  a  converged  road,"  and  everyone 
will  have  to  have  converged  skills. 

At  The  Seattle  Times,  an  Avaya  S8700 
IP  PBX  and  several  hundred  IP  tele¬ 
phones  were  installed  recently  as  the 
newspaper  moves  to  convert  each  of  its 
1,000  or  so  phones  to  IP  phones  by  the 
middle  of  next  year.  Eventually,  the 
entire  phone  system  will  ride  on  a  net¬ 


work  of  Cisco  switches  in  the  backbone, 
Nortel  routers  at  the  edge  and  Avaya 
switches  at  the  desktop. 

Thomas  DunkerleylT  communications 
manager  for  the  newspaper,  managed  the 
former  Avaya  PBX  and  oversaw  the 
migration  from  a  circuit-switched  PBX  to 
an  IP-based  call  server.  Paul  DeWees, 
senior  network  systems  administrator, 
handled  the  recent  upgrade  of  the 
paper’s  Cisco  switched  data  network.  So 
was  head-butting  inevitable? 

No,  Dunkerley  and  DeWees  say  The  two 
work  as  partners  in  overseeing  the  new 
network,  whereas  in  the  past,  their  paths 
were  less  likely  to  cross.  Dunkerley  and 
DeWees  share  project  status  updates  and 
technical  information. 

Convergence  also  has  changed  the  day- 
to-day  tasks  and  routines  of  managers 
and  their  staff:  Dunkerley,  formerly  a  “PBX 
guy  now  keeps  track  of  IP  network  utiliza¬ 
tion,  while  DeWees  has  become  involved 
in  testing  the  quality  of  IP  voice  conversa¬ 
tions  over  the  LAN  and  WAN. 

Dunkerley  and  DeWees  say  they’ve 
been  enlightened  a  bit  about  the  require¬ 
ments  of  overseeing  data  and  telecom 
management.  ■ 
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Finally  -  the  missing  piece! 


Today’s  ever-growing  data  centers  make  it  harder 
than  ever  to  get  hands-on  control  of  all  your  servers 
and  network  devices.  Now  you  can  have  direct 
access  to  every  device  in  your  data  center  from  any 
location,  all  from  a  single  screen.  Manage  and  maintain 
servers  in  your  local  rack  or  across  the  world. 


Total  system  control  over  analog  or  IP  connection 
means  complete  ‘at  the  computer'  troubleshooting 
from  anywhere. 

Now  it's  all  falling  into  place.  Avocent’s  advanced 
analog  and  digital  KVM  solutions  -  the  perfect  fit 
for  the  server  room  and  enterprise. 


For  the  complete  picture,  download  a  free  KVM  Tech  Guide  today  at 
www.kvmguide.com  or  call  1  -866-AVOCENT  (286-2368),  ext.  3006. 


Avocent,  the  Avocent  logo,  “The  Power  of  Being  There",  “KVM  over  IP”.  DSR,  DSView,  DS1800,  and  CPS  are  trademarks  of 
Avocent  Corporation.  All  other  marks  are  the  property  of  their  respective  owners.  Copyright  ©  2002  Avocent  Corporation. 


Avocent 

The  Power  of  Being  There*, 


The  Hub  of  the  Network  Buy 


New  kid  on  the  block? 


The  GB-1000  Firewall/VPN  appliance  is  powered 
by  the  GNAT  Box  System  software  -  the  original, 
small  footprint,  high  performance  firewall  system  first 
introduced  in  1996.  The  GB-1000  is  deployed 
worldwide  by  organizations  that  desire  rock-solid 
operation  and  the  best  price/performance  ratio  on  the 
market  today. 

The  GB-1000  has  many  standard  features  including 
IPSec  VPN.  DNS  server,  failover  routing  and  DHCP 
services.  Optional  features  such  as  high  availability 
and  24x7  support  are  also  available. 

Visit  our  web  site,  email  or  cal!  for  information. 


1-800-775-4GTA 

www.gta.com 

info@gta.com 


Firewall  Appliance 


Years:  10 

GTA  has  10  years  experience  in  developing  quality  software.  Since  1994,  GTA  has  been 
producing  solid,  dependable,  ICSA  certified  firewalls,  with  a  powerful  feature  set  at  an 
affordable  price. 

NICs:  4+ 

The  GB-1000  standard  confi  guration  includes  4  built-in  10/100  NICs.  Expansion 
options  allow  the  addition  of  up  to  4  more  NICs,  including  Gigabit.  Each  NIC  is  fully 
addressable,  allowing  flexible  configuration. 

Users:  oo 

GB-1000  has  an  unlimited  user  license  and  supports  128,000  concurrent  connections. 
Our  powerful  dynamic  network  address  translation  technology  and  stateful  packet 
inspection  engine  provide  all  users  with  transparent  Internet  access  and  proven  network 
security. 

Global  Technology  Associates,  Inc. 

Building  firewalls  since  1994 


CERTIFIED 


There  ts  A  Better  Way  To  Troubleshoot  &  Manage  Your  Network 


OBSERVER 


Expert  Observer 

Observer  Suite 
*3995 


Observer® — Quickly  identifies  network 
trouble  spots  and  costs  thousands  less  than 
expensive  hardware-based  analyzers. 
Observer  provides  metrics,  capture,  and 
trending  for  both  shared  and  switched 
environments. 

•  Full  packet  capture  and  decode  for  over 
500  protocols,  including  TCP/IP  (v4  &  v6), 
NetBIOS/NetBEUI,  XolP,  SNA,  SQL,  IPX/SPX, 
Appletalk  and  many,  many  more! 

•  Switched  mode  sees  all  ports  on  a  switch 
gathering  statistics  from  an  entire  switch  or 
capture/statistics  from  any  port(s) 

•  Long-term  network  trending  collects 
statistical  data  for  days,  weeks,  months, 
even  years 

•  Real-time  statistics  include  Top  Talkers, 
Bandwidth,  Protocol  Statistics,  and 
Efficiency  History 

•  Ethernet  (10/100/Gigabit),  Token  Ring, 
FDDI,  and  Wireless  802. 1 1 — no  need  to 
purchase  separate  tools 


•  Windows ®  98/Me/NT/2000/XP  compatible 

•  Over  4,000  frame  types  recognized 

Expert  Observer — Identifies  problems  and 
provides  Expert  information  in  plain  English. 

Includes  all  of  the  features  of  Observer  plus 
real-time  and  post-capture  expert  event 
identification  and  analysis — new  SQL  and 
Frame  Relay  experts  add  to  the  many  other 
protocols  covered,  time  synchronization 
technology,  and  modeling  of  network  traffic. 

Observer  Suite — The  ultimate  tool  for 
the  most  demanding  power  user. 

Provides  a  full  complement  of  tools  that 
includes  all  of  the  features  of  Expert 
Observer  plus  SNMP  management,  RMON 
console/Probe  and  Web  reporting.  Includes 
one  remote  Probe. 

If  you  have  any  network  problems,  find 
out  the  cause  with  Observer,  Expert 
Observer,  or  Observer  Suite. 


Call  800-526-7919  or  visit  us  online  for  a  full-featured  evaluation: 

www.NETWORKINSTRUMENTS.com 

US  (952)  932-9899  •  Fax  (952)  932-9545  •  UK  &  Europe  *44  (0)  1959  569888  •  Fax  +44  (0)  1959  569881 

©2002  Network  Instruments,  LLC.  Observer,  “Network  Instruments”  and  the  "N  with  a  dot”  logo  are  registered  trademarks  of  Network  Instruments,  LLC. 
All  other  trademarks  are  property  of  their  respective  owners. 
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UltraLink 


■  Connects  to  standalone  computers  or  any  KVM  switch 

■  High  quality  16-bit  video  at  up  to  1280x1024  resolution 

■  Easy  to  install,  give  it  an  IP  address  and  run  the  Viewer 
program,  no  user  license  required 

■  Encrypted  communication  produces  highly  secure  operation 

■  Scaling  and  scrolling  features  for  maximum  flexibility 


UltraLink  sets  a  new  standard  in  remote  management  of  server  room 
environments.  It  saves  you  money  by  allowing  you  to  centralize  your  IT 
resources.  Since  it  does  not  depend  upon  software  loaded  on  your 
computers,  it  deploys  easily  and  works  on  any  operating  system,  such 
as  Windows,  Linux,  Solaris,  Unix,  or  OSX. 


The  UltraLink  digitizes  the  remote  computer's  video.  It  then  scales, 
compresses,  encrypts,  and  packetizes  it  into  the  TCP/IP  protocol.  At 
your  PC  the  free  Viewer  application  receives  and  displays  the  video  and 
sends  back  keyboard  and  mouse  data.  This  process  allow  you  to  access 
remote  computers  from  anywhere. 


USA  toll  free 
ROSE  US 
ROSE  Europe 
ROSE  Asia 


800  333  9343 
281  933  7673 
+44(0)  1264  850574 
+617  3427  5353 


Rose  Electronics 
10707  Stancliff  Road 
Houston,  TX  77099 


" 


■  Single  mouse  cursor  simplifies  user  interface 

■  See  four  servers  from  one  screen  with  quad  screen  mode 

■  Lifetime  free  flash  upgrades 


Rose  is  a  leading  manufacturer  of  switching,  extension,  and  access 
products.  As  a  KVM  industry  pioneer,  Rose  is  known  for  its  technically 
superior  and  price  competitive  products. 

Join  the  ranks  of  many  successful  companies  using  UltraLink,  call  Rose 
to  learn  more  about  KVM  Access  over  IP  as  well  as  KVM  Switches  and 
Extenders. 


WWW.ROSE.COM 


ELECTRONICS 


It«s  not 
who  you  know, 

but  what 
you  know. 


Courses  to  Help  Prepare  You  for; 

•  Microsoft® Windows®  2000  MCSA’ 

•  Microsoft®Windows®  2000  MCSE 

•  CCNA®  ;,;fg 

>  A+®  f|9H 

•  Network-)-® 

•  CIW"" 

*  Hot  all  programs  are  available  at  all  locations 


Night  classes  are  available.  Enroll  by 
September  3°“.  2002,  in  one  of  our  campus 
based  technical  programs,  complete  first 
.  course  and  receive  a  FREE  VOUCHER  Wjjg 

L  for  one  CERTIFICATION  EXAM  through 
Vue®  testing.  A  $125  Value! 

Limited  offer  while  vouchers  last. 

Financial  Aid  available  at  select  locations.  ^ 

1-800-811-7448 

To  request  information,  visit: 

mcse .phoenix . edu 

For  a  complete  listing  of  courses 
and  other  information,  visit: 

www.mcse.com 

Product  names,  company  names  and  trademarks  shown 
are  the  property  of  their  respective  owners. 
©2002  University  of  Phoenix.  All.  BIGHTS  BESEBVED. 
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Dial  Access  Solutions 


PCI  Multi-modem  Adapters 

Provide  4  or  8  V.90/V.34  data  and  fax  modems 

in  one  easily-installed  easily-configured  adapter.  v  ^ 

4  and  8-port  adapters 

Scalable  to  32  ports  per  server  .*> 

Lowest  CPU  utilization 
Installs  in  minutes 
Requires  no  interrupts 

Compare  for  yourseif^l^^ 

I v  .  *  *  •*  uf  *.  SST-MM8P  PCI 

Dial  Access  at  its  best!  • 

Equinox  Multi-modem  Adapters 

provide  up  to  44%  savings  over  the  fax  server 

leading  competitors  of  similar  prq|ucts,  "  Dial  access 

_  .  _  .  Data  collection 

Try  before  you  buy*  Modem  pooling 

Call  1-800-275-3500,  ext.  61 5  Internet  access 

for  a  FREE  30-day  evaluation!  I  -  .  •  ’  ”  ■  ;  •.  '  ' 

or  email:  sales@equindx.com 

For  more  infomation  on  Equinox  products  visit  Our  website  at  -  www.equinox.com 
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Fault  Tolerant  Modem  (FTM) 


i 


Deluxe. 


Password/Dial  Back  Modem  (SRM) 


Remotely  Configurable 

AC  and  -48V  DC  Power  Options 

Internal  Filtered  and  Surge  Protected  Power  Supply 

Powers  Up  to  Specified  Answer  Rings  and  Baud  Rate 

Standard  “AT”  33.6  Kbps  Modem 


Local  RS232  Console  Port  33.6  Kbps  Modem 


•  Up  to  100  Individual  Passwords 

•  Audit  Trail  Log  with  Time/Date  Stamp 

•  Remotely  Configurable 

•  Standard  “AT”  33.6  Kbps  Modem 

•  1 9”  or  23”  Rack  Options  nebs  Approved 


□ 

□ _ iviwy.ivff.com _ (800)  854-7226 

western  telematic  incorporated  Keeping  the  Net...Working! 

5  Sterling  •  Irvine  •  California  •  92618-2517 


Seeking  Solutions  ...NTI  Has  The  Answers! 


MULTI-USER 

SERVER 

CONTROL  IS  EASY! 


Individually  command  or  simultaneously 
share  up  to  32  USB-enabled  computers 
using  USB  keyboards  &  mice  and  VGA 
multiscan  monitors. 


“I  want  Matrix  KVM 
control  for  USB  computers.” 


umm  solutions 


•  Compatible  with: 

•SUN  Blade  100, 1000, 

-  SUN  Ray  &  SUN  Fire*  280R 

-  USB-enabled  PCs 

-  MAC  G3/G4S 

-  HP  J5000  and  other  USB-enabled 
UNIX  computers 

•Available  with  2,  4  or  8  user  ports. 

•Controlling  USB  computers  is  easy 
with  NTI’s  Matrix  Control  Software 
with  a  GUI  interface. 

•  Features  NTI’s  patented  true  electronic 
autoboot  USB  switching  -  boots  all 
attached  computers  in  one  operation. 
(Other  USB  KVM  switches  require 
individual,  sequential  boot-up.) 

•  Fully  compliant  with  USB  standards. 

•  Crisp  &  clear  1900x1200  resolution. 


1275  Danner  Drive  •  Aurora,  OH  44202 
330-562-7070  •  FAX:  330-562-1999 

BUY  ONLINE  at  www.ntil.com/sn 
Email:  sales@nti1.com 


-  Adjustable  length  ball 

bearing  slides. 

-  Also  in  black  and  with 

locking  front  panels 
Made  in  the  USA. 


With  Keyboard  and 


rd 


and  Touchpad 


1-800-729-7654 

Web:  www.recortec.com 
Email:  sales@recortec.com 


I  IMG. 
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1620  Berryessa  Road  San  Jose.  Ca  95133 
Tel:  (408)  928-1 480  Fax:  (408)  729-3661 
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Instantly  Search  Gigabytes  of  Text 


dtSearch 


® 


The  Smart  Choice  for 
Text  Retrieval ®  since  1991 


"Superb  ...  a  multitude  of  high-end  features"  —  PC  Magazine 

"A  powerful  text  mining  engine  ...  effective  because  of 
the  level  of  intelligence  it  displays"  —  PC  Al 

"Very  powerful  ...  a  staggering  number  of  ways 
to  search"  —  Windows  Magazine 

"Impressive"  —  PC  Magazine  Online 

"A  tremendously  powerful  and  capable 
text  search  engine" —  Visual  Developer 

"Intuitive  and  austere  ...  a 
superb  search  tool"  —  PC  World 


Fast,  precision  searching 

♦  over  two  dozen  text  search 
options 

♦  indexed,  unindexed,  fielded 
and  full-text  searching 

Organization-wide  reach 

♦  highlights  hits  in  HTML  and  PDF 
while  keeping  embedded  links 
and  images  intact 

♦  converts  other  file  types  —  word 
processor,  database,  spreadsheet, 
email,  ZIP,  XML,  Unicode,  etc.  — 
to  HTML  for  display  with 
highlighted  hits 

1 -800-IT-FINDS 
www.  dtsearch.  com 

sales@dtsearch.com 


Publish  a  searchable 
database  to  CD,  DVD 
♦  from  $2,500 


Text  Retrieval 
Engine 

Add  power 
searching  to 
a  product 

♦  extensive 
sample  source 
code  in  multiple 
programming 
languages 

♦  from  $999 


Web 


Add  instant 
searching  to  your 
site  ♦  $999  per  server 


Stop  by  www.dtsearch.com 
for  30-day  evaluation  versions 


Cisco 


Routers 

Switches 

Hubs 

Voice  Over  IP 

Memory 

Security 

Interface  Modules 
Port  Adapters 
Wireless 


World  Data  Products  introduces  its  new  Cisco 
Router  and  Switch  poster,  it  provides  at-a-glance 
information  on  model  capacities,  interface  caids 
and  available  features. 

The  Cisco  Poster  is  a 

valuable  tool  for  _ 

network  planning. 

Call  877.231.2451  or 
visit  www.wdpi.com 
to  request  your 
FREE  Cisco  Router 
and  Switch  poster. 

I  gfi-. 
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DATA  PRODUCTS 


Buy  •  Sell  •  Lease  •  Repair  •  New  •  Refurbished  •  Used 
www.wdpi.com  •  877.231.2451  •  cisco@wdpi.com 

121  Cheshire  Lane,  Minnetonka,  MN  55305  U.S.A. 


PC  Magazine  s 
Editor's 
Choice 
Award 


MAGAZINE 

EDITORS’ 

CHOICE 


July  2002 
SilentRunner  3.0 
SilenlRunner.  Inc. 


SilentRunner  is  the  lens  into  your  network  providing 
the  only  network  security  solution  that  applies 
state-of-the-art  analysis,  correlation  and 
3-D  visualization  software  to  network  security 
analysis  -  exposing  threats  and  abuses  that  just 
can’t  be  seen  with  standard  security  technologies. 


Computerworld 
Honors 
21st  Century 
Award 


Silenmunner 


For  your  free  Technical  White  Paper, 
visit  www.silentrunner.com 
or  call  800.842.2366  today. 
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Contact  these  companies  today  to  help  you  with  your  training  needs! 


Boson  Training  ^ 

(813)  925-0700 
www.bosontraining.com 
CCIE,  CCNP,  CSS1,  CCNA,  Cisco, 
wireless,  CISSP 


Learnkey  Inc.  t 

(800)  865-0165 
www.learnkey.com 
Self-paced  online  CD  network 
certification  developer  bus/apps 


— — 


PMG  NetAnalyst 

(800)  645-8486 
www.NetworkTraining.com 
Network  Forensic  Analysis  and 
Security  Training  and  Services 


TechEd  Services 

(407)  243-6494 
www.techedsvcs.com 
Customized  onsite  training  for 
Microsoft,  Cisco,  Network  Associates 


George  Washington  Univ 

(202)  973-1175 
www.cpd.gwu.edu 
Oracle  MCSE  Network  Security 
UNIX/LINUX  1-Net  VB.Net  XML 


WKMN  Training 

(415)  586-1713 
www.wkmn.com 
Comprehensive  introduction  to 
wireless  networking. 
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Cisto  Systems  ■  Extreme  Networks 
Juniper  Networks  ■  Foundry  Networks 

www.  digitalwarehouse.  com 

imsital  warehouse 

Your  Information  Superhighway  Discount  Source ® 


W&S 


■  Nortel  Networks 

■  Lucent  Technology 

■  Alcatel 

■  Riverstone  Networks 


Phone:  800-439-8558  or  718-894-7500 

56-29  56th  Drive,  Maspeth.  NY  1 1378  USA  Fax:  718-894-1573 


For  More  fnforMatfon 
on  adv'er-Kjfn^  »n 
^e*wo rk  Wor(<ff*  Marketplace 
contact;  £nko  Gufcafe? 
800-bll-1l08  ext.  6^5? 
e*  ut>  afe0nww.coM 


NURTELnetworks 
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BROWSING  THE  AUCTIONS? 
Consider  What  You  Get: 

National  LAN  Exchange  Auctions 


•  Nortel  Service  Contracts 

•  Nortel  Service  Renewals 

•  Next-Day  Hardware 
Replacement 

•  Free  Technical  Support 

•  One  Year  Warranties 

•  New  and  Used  Equipment 

•  Hundreds  ol  Pieces 
in  Stock 

•  Desigrv'InstaH  Services 

•  fast  Overnight  Delivery 


•  No  Service  Contracts 

•  No  Service  Renewals 

•  No  Replacements, 

No  Guarantees 

•  No  Support 

•  No  Warranties 

•  Who  Knows? 

•  Sometimes  Available, 
Sometimes  Not 

•  No  Services 

•  Inconsistent  Delivery 


Mane  the  Smart  Choice 


www.NLEcom 
New/Used  •  Buy/Sell 
National  LAN  Exchange 


888-8LANWAN 

(888-852-6926) 

'!8rH«E  A 


WRCA.NET 

NEW  USED 


AUTHORIZED  RESELLER 
Access/Routers/Switches 
Cisco  Livingston  Ascend 
3Com  US  Robotics  Kentrox 
Adtran  BayNetworks  Xyplex 
Computone  Digital  Link 
Modems  /  DSU  /  Muxes 
IBM  UDS  Codex  Hayes  GDC 
Micom  Microcom  Paradyne 
ATT  MultiTech  Penril 
Racal  Telebit  Zoom 

WE  BUY  AND  SELL 
www.wrca.net 
800-699-9722 


New  &  Used 

■ 

Fully  Guaranteed 

■ 

Se  habla  Espanol  ®  ® 

Overnight  Delivery 

Wir  sprechen  Oeutsch  III 

We 


& 

Sell 


CISCO 


800.451.3407 


90  Castilian  Drive.  Suite  110.  Santa  Barbara.  CA  93117 


Routers 
Switches 
Interface  Modules 
Access  Servers 
Accessories 


www.nGtworkhardware.com 

BUY  ONLINE 


■1 

IS! 


NETWORK  HARDWARE  RESALE® 


FIBER  OPTIC 
SOLUTIONS 


•  T1/E1  &  T3/E3  Modems 

•  FtS-232/422/485  Modems  and 
Multiplexers 

•  IBM  3270  Coax,  AS/400  Twinax,  and 
RS/6000  Modems  and  Multiplexers 

•  LAN  -  Arcnet/Ethernet/Token  Ring 

•  Video/Audio/Hubs/Repeaters 

•  ISO  -  9001 


Toll  Free  866-SITech-1 
630-761-3640,  fax  630-761-3644 

www.sitech-bitdriver.com 


*959 

Versa  Tables 
Factory  Direct  Prices 
Lifetime  Warranty  mad.  In  USA 
310-973-0384  www.varaidlract.com 


Multiple  Models  Including: 


THL-100 

(Battery  powered) 

THL-100  AC/DC 

(Continuous  monitoring) 

THL-100  AC/DC  Plus 

(Email  alarms) 

►  Records  Temperature,  Humidity  &  Light 

►  Time  Stamped  Data  for  Detailed  Analysis 

►  Windows-based  SmartSensor  Software 

•  Data  or  graphical  view 

•  Easily  exports  to  common  spreadsheet 
software 


Toll  Free  1-866-442-7767 
www.smartronix.com/products 


iruiMi 

See  the  entire  Generation 
3.0  collection  at: 

BRETTS 

Luggage.  Leather  goods.  Gifts 
Pens.  Clocks.  Lighters.  Games 

www.suitcase.com 


Buy,  Sell  or  Announce  _ 

Network  Products 
and  Services  with 
Network  World's  Marketplace 
Cali  800-622-1108  ext.  6507 


OptimumDatalnc. 


toll  free  800  879  8795 
ph:  +  7  402  575  3000 
fax:  +  1  402  575  20 1 1 


www.opHmumdata.com 


We  Buv  &  Sell 


i,y 

Used 


1 20  Day  Warranty 

Cisco  •  Paradyne  •  ADTRAN  •  Extrem?  Networks 
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IT  CAREERS 


Sure 

N  etwor  kWorld, 

COMPUTERWORLD, 

and  Into  World 
Help  You  Do 
A  Better  Job. 


Now  Let  Us  Help 
You  Get  One. 


Cali  : 

1-800-762-2977 


careers.com 


Applications  Programmer  Lead  - 
Responsible  for  developing  or 
modifying  procedures  required 
to  solve  complex  problems  tak¬ 
ing  into  consideration  computer 
equipment  and  capacity  and 
limitation,  operating  time  and 
form  of  desired  results.  Will  be 
responsible  for  program  design, 
coding,  testing,  debugging  and 
documentation.  Required:  Bach¬ 
elor's  Degree  or  foreign  degree 
equivalent  in  Computer  Science, 
Information  Systems,  Engineering 
or  related  field  and  five  years' 
related  experience  required  or 
Master's  degree  or  foreign  degree 
equivalent  in  stated  fields  and 
three  years'  relevant  experience. 
Experience  must  include  Java 
language  skills  to  include  J2EE; 
Struts;  C++  and  PI/SQL.  40+ 
hours  per  week,  Monday  through 
Friday,  8:00  a.m.  to  5:00  p.m. 
Send  resume  to  Attn:  David 
Godbee,  BellSouth  Advertising 
&  Publishing  Corporation,  2247 
Northlake  Parkway,  Mailstop: 
06C  617,  Tucker,  Georgia  30084. 


Oracle/Sybase/Sql  DBA  Masters 
+  5  yrs  ind.  work  as  DBA  Prod. 
Support,  Devp  &  Web 
Support, Migration  Modeling, 
Tuning,  PL/SQL,  Shellscripting. 
Mail  replies  only:  L.  Tharp  2200 
W.  Commercial  Blvd. Suite  208, 
Fort  Laud.,  FL33309  No  Ph  Calls 
Pis 


Paradigm  Infotech  is  looking  for 
programmer/system  analysts, 
s/w  engineers.  Candidate  must 
have  BS  with  at  least  one-year  IT 
experience.  Good  skills  in  C/C++, 
Java,  Oracle,  WebLogic,  VB,  HTML 
are  plus.  Traveling  is  required. 
Apply  jobs@paradigminfotech. 
com.  EOE 

QA  Engineer/Analyst  /  IT  profes¬ 
sionals  req  by  E-Comlogics.com, 
Inc.  Work  in  Pittsburge,  PA.  1  + 
years  of  QA  Exp.BS  degree  in 
Comp  Science.  Exp  with  QA 
methodologies.  Extensive  Knowl¬ 
edge  in  Automation  tools/script. 
Send  resume  to  resume® 
ecomlogics.org. 


Innovative  has  openings  for  sys 
tem/programmer  analysts,  soft¬ 
ware/project  engineers.  BS/MS 
degree  with  1-year  experience 
required.  Skills  of  C/C++,  VB, 
Oracle,  Java,  Websphere/logic, 
HTML,  Unix,  SQL,  DB2  are  plus 
(travel  maybe  required).  Contact 
info@icscorpusa.com.  EOE 

Infomerica  is  looking  for  system 
/programmer  analysts,  software 
/project  engineers  &  computer 
consultants  working  at  different 
sites  (travel  required).  Candidates 
must  have  BS  with  1  -year  exp.  in 
IT  fields.  Skills  of  Oracle,  Informix, 
Java  preferred.  Send  resumes  to 
info@infomericainc.com 


Venturi  seeks  I.S.  Analyst  for 
Kirkland,  WA  office.  DESC:  Prov. 
comp.  sys.  consult,  to  max.  I.S. 
efficiency;  dsgn,  dev,  &  impl. 
financial  &  cost  mng.  aps.  util. 
RDBMS,  SQL,  VB,  XML,  ASP, 
OLE  DB,  IIS,  &  Win  o/s.  Incorp. 
&  impl.  NT  authentication  util. 
COM+.  REQ:  BS  in  Engr,  CS, 
MIS,  Math,  or  Physics  +  2  yrs. 
exp.  in  duties  of  job  offered. 
Prem.  sal.  +  bns.  &  benes.  Pis. 
reply  to  J.  King,  Job#  VT-101, 
11255  Kirkland  Way,  Kirkland, 
WA  98033. 


Mercury  Interactive  Corporation 
is  the  world's  leading  provider  of 
solutions  that  automate  testing, 
quality  assurance  and  application 
performance  management  for  e- 
business,  enterprise  resource 
planning,  and  client/server  ap¬ 
plications. 

We  currently  have  exciting  op¬ 
portunities  available  in  our  Sun¬ 
nyvale,  CA  headquarters,  as  well 
as  various  locations  throughout 
the  US,  including  Dallas,  TX  for 
the  following  positions  (all  levels 
/all  types): 

•  Software  Engineers  (&  Consul¬ 
tants) 

•  Systems  Analysts/  Engineers 
(&  Consultants) 

•  Network  Engineers/ 

Unix  Administrators 

•  Database  Administrators 
•Technical  Support  Engineers 

•  Product  Managers 

•  Customer  Support  Analysts 

Please  send  resume  to  Mercury 
Interactive  Corporation  with  cover 
letter  to  Human  Resource  Dept.; 
fax:  408-822-551 4  or  email  your 
resume  to  jobs@merc-int.com. 
For  additional  information  on 
these  and  other  positions,  visit 
our  web  site  at  mercuryinterac- 
tive.com.  Mercury  Interactive 
Corporation  is  an  equal  employ¬ 
ment  opportunity  employer  com¬ 
mitted  to  the  development  of  a 
diverse  workforce. 

% 

MERCURY  INTERACTIVE 


Seeking  qualified  applicants  for 
the  following  positions  in  Memphis, 
TN:  Senior  Technical  Analyst. 
Research,  evaluate,  implement 
and  coordinate  changes  to  large, 
complex  computer  systems/ap¬ 
plications.  Requirements:  Bach¬ 
elor's  degree*  in  computer  sci¬ 
ence,  math  or  related  field  plus  5 
years  of  experience  in  systems 
development,  including  pro¬ 
gramming.  Experience  with:  either 
C,  C++  or  Java;  Tibco;  and  mes¬ 
saging  also  required.  Manager 
Proiect/Process  (ITL  Manage 
software  development  life  cycle 
(SDLC)  process  for  major  ana¬ 
lytical  pricing  projects  and/or 
processes  requiring  involvement 
of  user  area  and  systems  devel¬ 
opment.  Requirements:  Bachelor's 
degree*  in  business,  computer 
science  or  related  field  plus  5 
years  of  progressive  experience 
in  systems  development  and/or 
operations  analysis.  Experience 
with  analytical  pricing  project 
management;  mainframe  systems 
/software  (IMS  or  CMS);  and 
SQL  also  required.  'Master's 
degree  in  appropriate  field  will 
offset  2  years  of  general  experi¬ 
ence.  Indicate  which  position  you 
are  applying  for  and  submit 
resumes  to  Sibi  George,  FedEx 
Corporate  Services,  1900  Summit 
Tower  Blvd.,  Suite  1400,  Orlando, 
FL  32810.  EOE  M/F/D/V. 


Manager,  Oracle  Business 
Process.  Atlanta,  GA.  Dvlp/modi- 
fy  procedures  to  solve  complex 
probs  w/n  MIS.  Dsgn/dvlp/gen- 
erate  rpts  using  Oracle  ERP, 
SQL  scripts,  Oracle  FSG  &  Oracle 
Fin'l  Analyzer.  Form/define  sys 
scope/objs  through  user  needs 
&  understanding  of  bus  sys/ 
industry  reqmts.  Review  existing 
structure  &  rec  changes  for 
sys  improvement/enhancement. 
Resolve  discreps/reclassn  of 
financial  info.  Maintain  chart  of 
accts  &  validation/security  rules 
w/n  Oracle  ERP.  Supp  fund  & 
tech  aspects  of  Oracle  apps. 
Req.:  Bach/for  equiv  in  Acctg 
or  relevant  IT  field;  5  yrs  exp 
Programmer/Analyst  in  acctg 
app;  3  yrs  intensive  Oracle  exp 
(may  be  concurrent),  ind  apps 
set-up/sys  use  dsgn/end  user 
appl  of:  General  Ledger,  Accts 
Payable,  Fixed  Assets,  FSG, 
Fin'l  Analyzer,  &  HRMS.  Resume: 
Mr.  D.  Stuckey,  Lodgian,  Inc., 
3445  Peachtree  Rd.,  NE,  Ste. 
700,  Atlanta,  GA  30326. 


It’s  1  ike  having 

the  i nsi de  track  on 

all  the  hottest  tech  jobs, 

aV1  the  time. 
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The  hottest  job  leads  you  can’t 
find  anywhere  else  are  all  right 
here.  That’s  because  Dice  is  all 
tech  jobs,  all  the  time.  Get  the 
inside  track  on  the  best  tech 
jobs.  Go  to  dice.com  today. 


2002  Dice.com 


Systems  Analyst  for  Software 
Consulting  &  Design  Company 
in  Chicago:  Will  Design,  develop 
and  maintain  new  and  existing 
software  applications  for  industry 
and  business  using  C,  Power¬ 
Builder,  Sybase,  Visual  Basic, 
MS  SQL  Server  and  Windows 
NT.  Develop  and  implement  Client 
/Server  applications  and  syn¬ 
chronization  techniques  in  Unix. 
Write  Source  Codes  based  on 
design  specifications,  research 
feasibility  of  new  products  and 
add  new  features  at  client's 
request.  2  years  experience 
required  or  2  years  experience 
as  a  Systems  Analyst,  gained 
from  industrial  settings,  must  have 
training  in  software  development 
or  training  in  object  oriented  pro¬ 
gramming  on  client  server  based 
system  using  PowerBuilder,  Visual 
Basic  and  Sybase;  one  year 
experience  in  ClipperDBMS;  At- 
least  three  months  systems  ex¬ 
perience  in  the  shipping  industry 
involving  worldwide  realtime 
container  management.  Bachelors 
or  equivalent  degree  with  Chem¬ 
istry,  Mathemetics  or  computers 
required.  40  hrs.  week  M-F  8am- 
5pm,  $77309  per  year.  Must  have 
proof  of  legal  authority  to  work  in 
the  US.  Send  2  copies  of  resume 
and  cover  letter  (No  Calls)  to 
Ref.#  V-IL29102-J,  Attn.  Leila 
Jackson;  401  South  State  Street- 
7  North;  Chicago,  IL  60605. 


Sr.  Billing  Software  Eng.  Analyze, 
design,  code  usage  record  col¬ 
lection  of  interfaces  b/w  telephony 
switching  equipment  &  existing 
NT-based  BCC  software  product. 
3+  years  in  development  VC++ 
/MFC  database  applications, 
SQL  Server  preferred.  Extensive 
knowledge  of  cellular,  GSM 
/PCS,  wireline  and  CIBER/TAP, 
as  well  as  switch/tape  interfaces. 
9-5  40hrs/wk  85K  Rancho 
Cucamonga,  CA.  send  cv 
hr@arisinc.com.  888.274.3995 


RK  Management  Consultants 
Inc.  seeks  experienced  profes¬ 
sionals  In  the  following  skills:  Ma- 
trixOne  Certified  consultants 
who  have  deep  technical  exper¬ 
tise  in  eMatrix,  schema  design, 
Oracle,  AEF,  Java,  and  JSP. 
UNIX/Network  admin  4-5  yrs  ex¬ 
perience.  Candidate  must  be 
Certified  Solaris,  CCNA  and  net- 
work+  admin,  Solaris  7/8  are 
DEC  tru64  4.0F  .  Servers:  Sun 
Ultra,  Sun  fire  and  Enterprise 
class  servers,  Sun  Storage  T3/ 
A5100  ,A3x00.  SAN  switch 
knowledge  Qlogic,  Perl,  VXFS  & 
Volume  Manager.  Sun/Compaq 
Alpha  Server/  configuration  and 
troubleshooting,  CISCO  router 
experience. 

Senior  Network/System  Admin¬ 
istrator  with  experience  in  WAN 
/LAN  network  planning,  design, 
installation,  configuration,  upgrade, 
implement  and  administration. 
Extensive  experience  in  Novell 
Netware  4.0/5.0,  Windows  98 
/2000/NT  including  RAID  5  fault 
tolerance. 

Frequent  travel/relocation  required. 
Bachelor  (or  equiv.)  in  C.S.,  Engg. 
or  related  field  required.  Send 
or  email  resume  to  HR  Dept. 
Oakbrook  Terrace  Tower,  One 
Tower  Lane,  Suite  2540,  Oakbrook 
Terrace,  IL  60181  or  raj@ 
rkmcinc.com 


Info  Tech  Support  Specialist. 
Support  netwks,  DBs,  and  users 
In  various  environs.  Maintain 
h/ware,  s/ware,  connectivity,  and 
security.  24-hour  support  program. 
Competitive  salary.  Bachelor 
degree  in  CS,  IS.  or  sim  field,  req'd. 
Must  have  exp  w/  Novell  netwkg, 
through  undergrad  course  work 
or  3  mos  wk  exp  Resumes  to 
Paul  Cornwell,  Asst.  V.P.,  Tech 
Svcs.,  Job  #2416.02,  Irwin 
Mortgage  Corp,  9265  Counselor's 
Row,  Indianapolis,  IN  46240. 
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PeopleSoft  has  opportunities  for  technical 
and  marketing  professionals  in  California 
(Pleasanton,  San  Mateo,  Santa  Clara, 
Encino,  Irvine,  and  other  locations), 
Bethesda.  MD,  Waltham,  MA,  Teaneck,  NJ, 
Atlanta,  GA,  Dallas,  TX,  Miami,  FL  and 
various  other  locations  within  the  U.S.  for: 

Developers  (0801) 

Consultants  (0802) 

System  Analysts  (0803) 

Technical  Support  Analysts  (0804) 

Project  Managers  (0805) 

Marketing  Analysts  (0806) 

For  consideration,  please  send  your 
resume  to:  PeopleSoft,  Attn:  Human 
Resources  Manager,  2377  Gold  Meadow 
Way,  Suite  110,  Gold  River,  CA  95670, 
fax:  916-631-1515.  Please  include  the 
four  digit  code  of  the  position(s)  you  are 
interested  in  on  your  resume  or  cover 
letter.  We  support  workforce  diversity.  Visit 
our  website  at:  www.peoplesoft.com 


PeopleSoft. 


Codesic  seeks  Unix  Sys.  Admin, 
for  Kirkland,  WA  HQ  office. 
DESC:  Admin.  &  maint.  UNIX 
sys.  Anlyz  info,  sys,  id  client  reqs, 
&  rec.  hardware  &  s/w  solns. 
Install  &  config.  app.  &  web 
servers,  RDMBS,  &  progs,  util. 
C++,  Java,  shell  script,  Perl,  & 
HTML.  Mng.  &  config.  disc 
storage.  Set  up  user  accts,  mng. 
password  resets,  &  conduct 
capacity  planning  &  perf.  tuning. 
Anlyz,  troubleshoot  &  deploy 
sys.  apps.  Prep  training  &  trou¬ 
bleshooting  guides.  Conduct  root 
cause  analysis  to  explain  & 
prevent  sys.  &  app.  failures. 
REQ:  BS  in  Engr,  CS,  Math,  or 
Phys.  plus  1  yr  exp.  admin.  & 
maint.  Unix  sys.  Install  &  config. 
app.  &  web  servers,  RDBMS  & 
progs,  util.  C++,  Java,  shell 
script,  Perl  &  HTML.  Mng.  & 
config.  disc  storage.  Mng.  user 
accts,  password  resets,  & 
conduct  capacity  planning  & 
perf.  tuning.  Anlyz,  troubleshoot, 
&  deploy  sys.  apps.  to  meet  bus. 
obj.  Prem.  sal  +  benes  &  bns.  Pis 
reply  to  Tech.  Rec,  Job  #CO-1 03, 
11250  Kirkland  Wy,  Ste  101, 
Kirkland,  WA  98033. 


Quantitative  Systems  Developer  - 
Farmington,  CT  -  Responsible 
for  planning,  designing  &  devel¬ 
oping  mathematical  optimization 
algorithms  &  software  for  use  in 
a  medium  sized  software  system 
dedicated  to  enabling  our  core 
investment  business  -  asset 
management  &  capital  manage¬ 
ment  -  thru  technology.  Respon¬ 
sible  for  integrating  optimization 
software  into  a  strategic  asset 
liability  management  system 
Req'd:  M  S.  degree  in  Maths, 
Engineering,  CompScience  or 
related  w/2  yrs  exp  in  the  job 
offered  or  2  yrs  exp  as  Financial 
Optimization  Systems  Developer 
Must  have  exp  w/designing 
&  developing  Asset  Liability 
Management  (ALM)  System. 
Send  res  to:  Kim  Sliva,  General 
Reinsurance  Corp,  695  East 
Mam  St,  Stamford,  CT  06901 . 


Sr  Infrastructure  Architect: 

Configure  Domino  &  MS  IIS 
Servers,  deploy  desktop  &  NOS; 
messaging  sys  (MS  Exchange 
&  Notes/Dominos);  backup  & 
security  solutions;  &  application 
&  server  management  tools. 
Req:  BS  in  info  sys,  2  yr.  exp  in 
develop/program/or  analysis  & 
cert  in  Domino  R.5  sys  admin  & 
Microsoft  Exchange  Server  5.0. 
Sr  Data  Integration  Architect: 
Development  from  integration 
strategy  of  legacy  systems  (JD 
Edwards,  SAP,  Peoplesoft,  Baan, 
Oracle  Financials)  to  best  prac¬ 
tices  solution  (including  iterative 
development,  testing  and  knowl¬ 
edge  transfer)  using  Domino 
InterDev,  Studio,  LotusScript, 
Lotus  Formula  Language, 
Javascript,  Active  Server  Pages 
w/VBScript  &  COM.  Travel  to 
client  sites  25-50%.  Req:  BS 
soft  eng.,  1  yr  exp  in  develop 
/program/or  analysis  and  cert  in 
Domino.  Perm,  workers  only.  Fax 
resume:  Ryan  Franke,  770- 
698-8885 


Royal  Caribbean  Cruise  Lines 

Database  Administrator 

Electronic  Data  Interchange  (EDI) 
Administrator  for  cruise  line 
industry  leader  located  in  Miami, 
Florida.  Requirements:  Bachelor's 
degree  (or  equivalent)  in  Busi¬ 
ness  Administration  (or  related 
discipline);  Two  years  of  experi¬ 
ence  in  the  job  offered  or  two 
years  of  experience  in  a  position 
in  purchasing,  strategic  sourcing 
management.  Will  consider  ap¬ 
plicants  with  any  suitable  combi¬ 
nation  of  education,  training 
or  experience.  Send  resume 
to:  Ms.  Maria  Diaz,  Human  Re¬ 
sources  Dept ,  Royal  Caribbean 
Cruises  Ltd.,  1050  Caribbean 
Way,  Miami.  FL  33132.  No 
phone  calls  please. 


Seeking  qualified  applicants  for 
the  following  position  in  Memphis, 
TN:  Technical  Advisor.  Provide 
technical  advice  and  expertise  to 
systems  development  project 
groups  in  defining,  developing 
and  reviewing  existing,  as  well 
as  proposed,  applications  for 
major  computer  systems.  Re¬ 
quirements:  Bachelor's  degree" 
in  computer  science,  math,  MIS 
or  related  field  plus  7  years  of 
experience  in  systems/applica¬ 
tions  development,  including 
programming.  Experience  with 
Visual  Basic,  SQL  Server,  and 
Server  hardware  also  required. 
"Master's  degree  in  appropriate 
field  will  offset  2  years  of  general 
experience.  Submit  resumes  to 
Chris  Gibney,  Federal  Express 
Corporation,  2600  Nonconnah 
Blvd.,  Suite  191,  Memphis,  TN 
38132.  EOE  M/F/DAA 


Software  Developers  at  various 
levels  wanted  by  shipping  and 
container  co.  in  Tampa,  Florida. 
Must  have  a  minimum  of  a 
Bachelor's  degree  in  Eng., 
Comp.  Sci.,  or  related  field  plus 
2  yrs.  of  development  exp.  and  1 
yr.  of  European  Shipping  Industry 
exp.  Refer  to  Job  #SDGD100, 
Lykes  Lines  Limited,  LLC  (CP 
Ships).  401  East  Jackson  St., 
Suite  3300.  Tampa.  Florida 
33602. 


Programmer/Analyst:  Multiple 
openings  in  Tallahassee,  FL  to 
analyze  &  model  applications 
using  Rational  Rose.  Program 
TCP/IP  w/  Sockets  &  Winsock. 
Administer  ClearCase  &  Clear- 
Quest.  Create  VOB's,  Views, 
Streams,  Rebasing  Streams 
&  Baselines  of  applications.  De¬ 
ploy  Web  applications  on  Linux, 
Unix  &  Windows.  Create  Enter¬ 
prise  applications  w/  JAVA/OO 
concepts,  JSP,  Servlets,  HTML, 
DB2  &  UML.  Req.  Bachelor's  or 
its  foreign  degree  equiv  in  CS  or 
other  engig  field  +  1  yr.  exp.  in 
job  offered.  Resume  to:  HR  Man¬ 
ager,  OmniSoft,  Inc.,  1265  Com¬ 
pass  Pointe  Crossing,  Alpharet¬ 
ta,  GA  30005 


Programmer  Analyst,  Sr.  Must 
have  Bach  in  Sci  &  5  years 
of  exp.  in  dsgng  &  devlpg  web- 
enabled  inf.  Sys.  Applies  & 
modules  using  Java,  Basic, 
FORTRAN,  ASP,  VB  Script  for 
c/s;  dsgng.  &  dvlpg  RDBMS 
using  Analytical  services,  CUBE, 
DTS  Prg  tools,  SQL  Server 
2000.  Respond  to  HRD,  Sipco 
components  Group,  Inc.,  2 
William  Street,  #  202,  White 
Plains,  NY  10601. 


Web  designing  prod.  Co.  in  NY 
req:  Multi  Media  Producer 
w/Masters  deg  &  1  yr  exp.  to 
supervise  in  video  &  film  pro¬ 
duction,  providing  technical  & 
artistic  expertise  with  regards  to 
camera,  audio,  lighting,  directing, 
etc  &  supervision  in  Web  site 
production,  coordinating  pro¬ 
gramming,  graphic  &  testing 
depts.  Responsible  tor  budgeting, 
scheduling  &  negotiating  w/ 
clients.  Travel  to  various  client 
sites  anywhere  in  US  is  required 
Reply  to:  Recruiter,  Merlin 
Computers  Inc,  805  third  Ave, 
28  fir.  NY,  NY  10022 


COMMUNICATIONS  SPECIAL¬ 
IST/END  USER  SUPPORT  for 
Miami  Bank-Confer  w/systems 
engineers  re  testing  &  support 
end  user  problems  for  both  US  & 
Latin  American  personnel;  Install 
&  configure  new  end-users  & 
operating  systems.  Min.  req: 
Bach  in  Electrical  Engineering  + 
2  yrs  exp  computer  support 
in  banking  industry.  Resume  to: 
Pacific  National  Bank,  HR  Dept., 
P.O.  Box  012620  Miami,  FL 
33101. 


Programmer/Analyst  (Frankfort, 
KY):  Plan,  develop,  test  &  docu¬ 
ment  client/server  computer  pro¬ 
gram.  Develop  windows  based 
applications  using  VB  &  Report 
Generations  using  CRYSTAL 
REPORTS.  Develop  OLEDB, 
Object  linking  &  embedding, 
Dynamic  Database  Exchange  & 
COM  technologies.  40  hr/wk. 
Req.  Bachelor's  or  its  foreign 
degree  equiv.  based  on  educa¬ 
tion  and/or  exp.  in  CS/Engg,  MIS 
or  other  science/engg  field  + 
2yrs  exp.  in  job  offered.  Resume 
to:  HR  Mangr,  Software  Services 
&  Resources,  Inc.,  3574  Old  Mil- 
ton  Pkwy,  Alpharetta,  GA  30005 


SYSTEMS  ANALYST/PROGRA¬ 
MMER  for  telecommunications 
service  provider-Develop  & 
implement  software  solutions; 
Research,  design  &  develop 
software  systems  &  analyze 
software  requirements.  Min. 
Req.  Bach  in  Comp.  Sci  +2  yrs 
exp.  Resume  to:  Pay  Smart 
America,  Inc.  HR  Dept.,  1500 
West  Cypress  Creek  Road.  Ste: 
407,  Ft.  Lauderdale,  FL  33309. 


Programmers,  Jr.  Programmers, 
Software  Engineers  [SCADA 
Apps.]  Design,  develop,  test  and 
implement  specialized  apps.  in 
SCADA  and  related  technolo¬ 
gies.  prevailing  wage/benefits. 
Send  resume  to  Attn:  Mr.  G.R. 
Patel,  G.R.  Patel  &  Associates, 
Inc.;  P.O.  Box  1 008,  Waldorf.  MD 
20604.  EOE. 


Software  Systems  Engineer  (Sr 
Q A  Analyst)  Req.  min  MSCS  + 
2  yrs  s/w  QA  exper.  Write  test 
plans,  test  cases.  &  auto,  test 
suites  using  Winmnner.  WebTest. 
TEAM,  SQA  Robot,  load  testing 
tools.  Design,  develop,  test,  de¬ 
bug  computer  s/w  systems  in¬ 
volving  o-o  technologies  for  fin. 
apps.  using  C/C++.  Visual  C++, 
Windows,  UNIX,  algorithm 
analysis/design.  Resolve  com¬ 
plex  system-level  issues.  ITG- 
SSI.  Inc.  Culver  City,  CA.  Email 
resume  w/cvt  Itr  addressing  reqts 
to  hr@itgssi.com  Ref:  1122.21. 


Assistant  to  Software  Engineer. 
Assist  S/W  Eng.  In  programming 
&  testing  in  Java  &  C++  for  h/w 
product  integration  &  s/w  inter¬ 
face.  Req:  Bachelors  in  Com¬ 
puter  Sci.,  Electronics  Eng.,  or 
Computer  Eng.  40  hr-wk.  Job  In¬ 
terview  Site:  LA,  CA.  Send 
resume  to  Mitratech,  3539  Motor 
Ave.,  LA,  CA  90034. 


Engineering  System  Analyst:  De¬ 
sign  &  code  software  for  metal 
plate  connected  (MPC)  wood 
trusses.  Develop  advanced  truss 
system  analysis  methods  to 
reduce  wood  used  in  truss 
systems.  Perform  joint  &  full-scale 
truss  tests  for  ANSI  standard  dvlp- 
mts.  Req.  MS  or  it’s  foreign  degr 
equiv  in  Civil  Engg  +  min.  of  lyr 
exp.  in  job  described  or  1  yr  exp.  in 
wood  engineering  research  &  pro¬ 
gramming  using  C++,  MFC,  COM. 
Resume  to:  Engineering  Manager, 
TEE-LOK  Corp.,  818  Soundside 
Rd„  Edenton,  NC  27932 


Software  Applications  Engineer 
(Tampa,  FL):  Diagnose  &  solve 
multi-vendor  software  integra¬ 
tion  problems  &  provide 
changes.  Create  relational  data¬ 
base  work  w/  Oracle  8i/9i, 
SQL" Loader,  Export,  Import, 
SQL'Plus,  PL/SQL,  OEM,  Net 
Manager,  TOAD,  Qdesigner,  Er- 
win3.x,  VB6.0,  .Net,  Sun  Solaris 
7.0,  Citrix  Server.  Req.  Bache¬ 
lor's  or  its  foreign  degree  equiv 
in  CS,  C  Engg,  Civil  Engg  or  re¬ 
lated  field  +  2  yr  exp.  in  job  of¬ 
fered.  40  hrs/wk.  Resume  to  Job 
code  FL02,  HR,  Atex  Media  Com¬ 
mand,  15  Crosby  Dr,  Bedford, 
MA01730. 


Software  Engineers,  Programmers 
and  Jr.  Programmers 
Design,  develop,  test  and  imple¬ 
ment  specialized  applications  in:  (A) 
C,  OAS,  MTS,  VB/ASP,  IIS,  XML, 
XSL,  Visual  Interdev,  SQL  Server, 
Oracle  and  related  tools.  Access 
and  3rd  party  utilities.  (B)  Financial 
applications  with  Oracle  and  relat¬ 
ed  tools,  Java,  Pro'C,  Erwin, 
HPUX,  SQL’Loader,  Unix  Shell 
Scripting.  Prevailaing  wage/bene¬ 
fits.  Experience  required.  To  apply 
or  for  detailed  info,  send  resume  or 
contact  Ratan  Eluganti,  enGenius 
Consulting  Group,  Inc.,  31 00  Breck- 
enridge  Blvd.,  Ste  100,  Duluth,  GA 
30096.  EOE. 


Technical  Analyst  wanted  by  a 
Telecommunications  Services 
co.  in  Greenwood  Village.  CO. 
Must  have  a  Bachelor’s  degree 
(or  equiv.  exp.)  in  Information 
Mgnt.  or  related  field  plus  5  yrs. 
of  exp.  as  Technical  Analyst 
including  Travel  Technical  exp. 
with  3  yrs  of  product  development 
exp.  in  assigned  function  variations 
&  3  yrs.  of  European  Market  exp. 
Refer  to  Job  #5051 ,  Bill  Ramsey, 
5350  S.Valentia  Way,  Greenwood 
Village,  CO  80111. 


Programmer.  Jr.  position.  Asst, 
programming  in  ORACLE,  MS 
SQL,  Microsoft  Visual  Basic, 
Visual  C++,  Visual  FoxPro, 
Imprise  J  Builder,  JAVA,  ASP  & 
Java  Script.  Req:  Bachelors  in 
Comp.  Sci.  or  Comp.  Eng.  40 
hr/wk.  Job/Interview  Site:  Irvine, 
CA.  Send  resume  to  Forte-Gear 
International,  Inc.,  2807  Barranca 
Pkwy,  Irvine,  CA  92606. 


Software  Engineers  (Idaho  Falls): 
Design,  develop,  test  and  imple¬ 
ment  specialized  multi-country, 
multi-site,  ERP  and  CRM  appli- 
caitons  in  JD  Edwards  One 
World  XE  and  related  tools, 
XML,  VB,  SQL,  and  Windows. 
MS,  Sc./Engg.  and  3  yrs.  exp. 
in  job  offered  or  BS,  Sc./Engg. 
and  5  yrs.  progressive  post 
baccalaureate  exp.  reqd.  (or  for¬ 
eign  equiv.)  Prevailing  wage 
/benefits.  Melaleuca,  Inc.,  Attn: 
Human  Resources,  3910  South 
Yellowstone  Highway,  Idaho 
Falls,  Idaho  83402.  No  phone 
calls  please.  EOE. 
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hiring  us. 

Call  your 
ITcareers  Sales 
Representative  or 
Janis  Crowley  at 
1-800-762-2977. 


ITcareers 


IT  careers.com 


IT 


where  the  best  get  better 
1-800-762-2977 


Become  a  Rlicrosoft  Windows  2000  Security  Expert. 

It’s  easy.  Just  point,  dick  and  choose  the  format  that  works  best  for  you: 
•CD-ROm  •Web-Based  *hands-0n  •Uirtua l  Classroom 

Uisit  netSmart  today  at  uuuui.numetsmart.com 


■  Editorial  Index 


A 

Infnnet 

8 

Pulse 

—34 

A^a  Nptwnrks 

41 

Intel 

32 

AI&T  .Wireless. 

_ 23 

R 

AT&T 

93  sfi 

J 

Badware 

_ 41 

Javplina  Software 

21 

B 

S 

BellSouth— 

28 

K 

■ARC  Communications 

93.98 

Keyspan 

_ 34 

Aprint  PC..A 

_ 23 

C 

Sprint 

_ 23 

Caldera 

fi 

L 

Symhol  Technologies 

_ IQ 

41 

Laocope 

_ 41 

P.ingular 

93 

Linksys 

34 

T 

If)  17 

1  ngitanh 

_ 34 

Touch  America 

32 

CAS 

41 

Traxass 

_ 21 

P.yherSnurre 

_ 21 

M 

Mazu  Networks 

41 

U 

D 

Microsoft 

fi,  .58 

t  ISA  Technologies 

6 

DAFT 

32 

USintemetworking 

_ 23 

F 

N 

Natgear 

_ 34 

V 

EoroeTO  Networks 

_ U 

Net.Acrean  Technologies 

18 

Verizon 

93  98 

Network  Associates 

91 

Vnire.Strenm 

_ 23 

G 

Nextel 

_ 23 

Vnyen 

_ 32 

_ 8 

Nortel _ 

fi 

Novell 

_ 1 

W 

H 

Wehscreen 

41 

Hatteras  Networks 

_ 32 

0 

WorldCom 

_ 6 

Hewlett-Packard 

fi  in  17 

Opsware _ 

_ 8 

1 

P 

z 

7hnne 

_ 32 

IBM 

6.21 

PeopleSoft _ 

91,93 

Advertiser  Index 


ArfvartlKftr _ 

Aritran _ 

Avnr.pnt  Corp _ 

Dell  Computer  Corp _ 

ritSftarr.h  f.nrp _ 

Fquinnx  Systems  I  nr _ 

Foundry  Networks _ 

Glnhal  Ter.hnnlnpy  Associati 

Hewlett  Packard _ 

IBM 

IBM 


Page  # 

_ 60  wwyi 


_ wvmavQcentCQm 

www.rielLcom/sfirverROI 
_ wwwjJtsearch.com 

lr.ynelworks.com/fes 
.  www.Qta.com 


hp.com/9Q/proliant34 


-2:3 


www.ihm.com/ehtisiness 


29  www.ibm.com/eserver/etrade 


1BM 


.30:31 


www.ibm.com/eserver/weather2 


1BM 


42-43 


Intel  Corp 


-.wwwjhm.com/esarver/winnebaQQ 


3  www.mte.LcQm/QQ/riesktQpQiQ 


Kyocera  Mita 


1L 


www.kyoceramita.com 


Microsoft  Corp  24-25 

Network  .Instruments 

Network  Technologies 


www.mir.rQSQf.hcom/enterprisR/security 

5Qwww.networkinstruments.com 

_ 52 _ www.ntil.CQm/sD 


Quantum 


93 


www  M9fS0f)  onm 


H1M 


RRr.nrlRC  Inf. 


www.hlankhRrry.rnm 


52 


wwwrnr.nrlpr.nnm 


Rosa  FlBr.trnnirs 


51 


SANavipatnr 


35 


ShnrfilinR  Communications  Inc 


www.sanauioatnr.r.nm/SRRil/nfit5 


 53 

51 

97 

52 

53 

Network  World  Fusion 

-  www.nwfusion.com 

AT4T 

Netscreen 

Adtran 

Network  Associates 

Agilent  Technologies 

Nokia 

Akamba 

Northern  Parklife 

American  Power  Conversion 

Novell 

■  Network  World  118  Turnpike  Road.  Southborough, 

MA  01772-9108,  (508)  460-3333. 

Periodicals  postage  paid  at  Southborough,  Mass.,  and  addi¬ 
tional  mailing  offices.  Posted  under  Canadian  International 
Publication  agreement  #40063800.  Network  World  (ISSN  0887- 
7661)  is  published  weekly,  except  for  a  single  combined  issue 
for  the  last  week  in  December  and  the  first  week  in  January  by 
Network  World.  Inc.,  118  Turnpike  Road.  Southborough,  MA 
01772-9108. 

Network  World  is  distributed  free  of  charge  in  the  U.S.  to  qual 
ified  management  or  professionals. 


Appian  Communications 

Opalis  Software 

Blue  Arc 

Opticom,  Inc 

Bo  Id  Fish 

Peregrine  Systems,  Inc 

BoostWorks 

Peribit  Networks 

Brocade 

PlateSpin 

Business  Layers 

Proxim,  Inc 

Byte  and  Switch.com 

Qwest 

Cisco  Systems 

Radware 

ClickArray  Networks 

Raxco 

Compaq 

Redline  Networks 

Computer  Associates  International 

Sangoma 

Connectix 

Siemens 

DLTtape 

Silverback 

Ecora 

Space  Design  Technology 

Expertcity 

SSH  Communications 

F5  Networks 

Stalker  Software 

FineGround  Networks 

Stardust 

Fireclick,  Inc 

Sun  Microsystems 

Fluke  Networks 

Sybase 

Global  Technology  Associates,  Inc 

Sygate  Technologies,  Inc 

IBM 

Telogy  Networks,  Inc 

InteO 

UltraDNS 

Mangosoft,  Inc 

VNCI 

McData  Corp 

Volera 

Mercury  Interactive 

WaveSmith  Networks 

Mirapoint 

Websense 

mWired 

Wintenals 

NSI 

WinredRed  Software 

NetlQ  Corp 

Zixit 

NetQoS 

These  indexes  are  provided  as  a  reader  service.  Although  every 
effort  has  been  made  to  make  them  as  complete  as  possible,  the 
publisher  does  not  assume  liability  for  errors  or  omissions. 

•Indicates  Regional  Demographic 


from  front  cover  of  the  publication. 

Network  World  can  be  purchased  on  35mm  microfilm 
through  University  Microfilm  Int.,  Periodical  Entry  Dept.,  300 
Zebb  Road,  Ann  Arbor, Mich.  48106. 

PHOTOCOPYRIGHTS:  Permission  to  photocopy  for  internal 
or  personal  use  or  the  internal  or  personal  use  of  specific 
clients  is  granted  by  Network  World,  Inc.  for  libraries  and  other 
users  registered  with  the  Copyright  Clearance  Center  (CCC), 
provided  that  the  base  fee  of  $3.00  per  copy  of  the  article,  plus 
50  cents  per  page  is  paid  to  Copyright  Clearance  Center,  27 
Congress  Street,  Salem,  Mass.  01970. 


■  Network  World,  Inc. 

118Turnpike  Road,  Southborough,  MA  01772 
Phone:  (508)  460-3333 

TO  SEND  E-MAIL  TO  NWW  STAFF 

firstname_lastname@nww.com 


■  Sales  Offices 


Carol  Lasker.  Associate  Publisher/Vice  President 
JaneWeissman,  Sales  Operations  Coordinator 
Internet:  clasker.  jweissman@nww.com 
(508)  460-3333/FAX:  (508)  460-1237 


EvileeThibeault,  CEO/Publisher 

John  Gallant,  President/Editorial  Director 

Eleni  Brisbois,  Administrative  Planning  Manager 

FINANCE/BUSINESS  SERVICES 

Mary  Fanning,  Vice  President  Finance 

Paul  Mercer,  Finance  Manager 

Mary  Kaye  Newton,  Billing/AP  Coordinator 

Frank  Coelho,  Senior  Manager,  Business  Services 

LisaThompson,  Business  Services  Administrator 

Mark  Anderson,  Business  Services  Supervisor 

Kevin  McMillen,  Business  Services  Coordinator 

HUMAN  RESOURCES 

Elizabeth  Price,  Director  of  Human  Resources 
Eric  Cormier,  Human  Resources  Representative 

MARKETING 

TerryAnn  Croci,  Director  of  Marketing 

Barbara  Sullivan,  Senior  Research  Analyst 

Nancy  Petkunas,  Prod.  Marketing  Mgr.  Events/Online 

Judy  Schultz,  Senior  Graphic  Designer 

Cindy  Panzera,  Graphic  Specialist 

GLOBAL  PRODUCT  SUPPORT  CENTER 


New  York/New  Jersey 

'  Tom  Davis,  Associate  Publisher,  Eastern  Region 
Elisa  Della  Rocco,  Regional  Sales  Manager 
Aimee  Jacobs,  Sales  Associate 
Internet:  tdavis,  elisas,  ajacobs@nww.com 
(201)  587-0090/FAX.  (201)  712-9786 

Northeast 

Donna  Pomponi,  Regional  Sales  Manager 
Kathryn  Zinn,  District  Manager 
Caitlin  Horgan,  Sales  Assistant 
Internet:  dpomponi,  kzinn,  chorgan@nww.com 
(508)  460-3333/FAX:  (508)  460-1237 

Mid-Atlantic 

I  Jacqui  DiBianca,  Regional  Sales  Manager 
Marta  Hagan,  Sales  Assistant 
Internet:  jdibian,  mhagan@nww.com 
(610)  971-1530/FAX:  (610)  975-0837 

Midwest/Maryland 

Eric  Danetz,  Senior  District  Manager 
Aimee  Jacobs,  Sales  Associate 
Internet:  edanetz,  ajacobs@nww.com 
(201)  587-0090/FAX:  (201)  712-9786 


Nancy  Parquette,  Sr.  Production  Marketing  Manager 
Print/GPSC 

ADVERTISING  OPERATIONS 

Karen  Wallace,  Senior  Director  of  Advertising  Operations 
Maro  Eremyan,  Advertising  Coordinator 
VeronicaTrotto,  Advertising  Coordinator 
Cara  Peters,  Direct  Response  Ad  Coordinator 

PRODUCTION 

Ann  Finn,  Senior  Production  Director 
Greg  Morgan,  Senior  Production  Manager 
Mike  Guerin,  Senior  Print  Buying  Supervisor 
Jami  Thompson,  Ad  Traffic  Coordinator 

CIRCULATION 

Richard  Priante,  Senior  Director  of  Circulation 
Darcy  Beach,  Circulation  Operations  Manager 
Bobbie  Cruse,  Subscriptions  Manager 
Mary  Mclntire,  Senior  Marketing  Specialist 

RESEARCH 

Ann  MacKay,  Research  Director 

DISTRIBUTION 

BobWescott,  Distribution  Manager/(508)879-0700 

IDG  LIST  RENTAL  SERVICES 

Paul  Capone,  Account  Executive 

P.O.  Box  9151,  Framingham,  MA  01701-9151 

(800)  343-6474/(508)  370-0825,  FAX:(508)  370-0020 

SEMINARS  AND  EVENTS 

Robin  Azar,  Vice  President  of  Events 

Michele  Zarella,  Director,  Events  Business  Development 

Sandra  Gittlen,  Events  Editor 

Betty  Amaro-White,  Event  Finance  Manager 

Neal  Silverman,  Senior  Director  of  Event  Sales 

Andrea  D'Amato,  Sales  Director/Strategic  Partnerships 

Kristin  Ballou,  Senior  Event  Sales  Manager 

Sandy  Weill,  Event  Sales  Manager 

Maureen  Riley,  Event  Sales  Manager 

Judy  Tyler,  Sales  Operations  Specialist 

Debra  Becker,  Dir.,  Marketing  &  Audience  Development 

Kristin  Wattu,  Senior  Marketing  Specialist 

Sean  Landry,  Web  Producer 

Timothy  Johnson,  Marketing  Coordinator 

Jill  Keaveney,  Senior  Event  Planner 

Tim  DeMeo,  Event  Coordinator 

ONLINE  SERVICES 

Alonna  Doucette,  V.P.,  Online  Services 

Hillary  Freeley,  Director,  Online  Audience  Development 

Deborah  Vozikis,  New  Media  Design  Manager 

Adam  Gaffin,  Executive  Editor,  Online 

Melissa  Shaw,  Managing  Editor,  Online 

Jason  Meserve,  Multimedia  Editor 

Sheryl  Hodge,  Online  Copy  Chief 

Christopher  Cormier,  Web  Producer 

INFORMATION  SYSTEMS 

W.  Michael  Draper,  V.  P.  Systems  &  Technology 
Anne  Nickinello,  Director  of  New  Media  Services 
Tom  Kroon,  Senior  Software  Engineer/Architect 
William  Zhang,  Senior  Software  Engineer 
Rocco  Bortone,  Senior  Network  Manager 
Peter  Hebenstreit,  Network  Specialist 
Kevin  O'Keefe,  Systems  Support  Manager 
Brian  Wood,  Senior  Systems  Support  Specialist 
Puneet  Narang,  Manager  of  DatabaseTechnologies 
Pam  Gertsios,  Database  Specialist 


Central 

Dan  Gentile,  Midwest  Regional  Director 
Gracie  Vela,  Sales  Assistant 
Internet:  dgentile,  gvela@nww.com 
(512)  249-2200/FAX:  (512)  249-2202 

Northern  California 

Sandra  Kupiec,  Associate  Publisher,  Western  Region 
Miles  Dennison,  Regional  Sales  Manager 
Sean  Weglage,  Senior  District  Manager 
Teri  Whitehair,  Office  Manager/Exec.  Asst. 

Berit  Einsiedl,  Sales  Assistant 

Internet:  skupiec,  mdennison,  sweglage,  twhitehair 

beinsiedl@nww.com 

(650)  577-2700/FAX:  (650)  341-6183 

Northwest/Rockies 

Karen  Wilde,  Regional  Sales  Manager 

Lara  Greenberg,  Regional  Sales  Manager 

Kim  Gaffrey,  District  Manager 

Internet:  kwilde,  Igreenberg,  kgaffrey@nww.com 

(650)  577-2700/FAX:  (650)  341-6183 _ 

Southwest 

Becky  Bogart  Randell,  District  Manager 

Angela  Norton,  Sales  Assistant 

Internet:  branded,  anorton@nww.com 

(949)  250-3006/FAX:  (949)  833-2857 _ 

Southeast 

Don  Seay,  Regional  Sales  Manager 

Caitlin  Horgan,  Sales  Assistant 

Internet:  dseay,  chorgan@nww.com 

(404)  845-2886/FAX:  (404)  250-1646 _ 

Custom  Publishing 

Shaun  Budka,  Custom  Media  Solutions  Manager 
Internet:  sbudka@nww.com 
(508)  460-3333/FAX:  (508)  460-1237 

Fusion 

Alonna  Doucette,  Vice  President  Online  Development 
James  Kalbach,  Director,  of  Online  Sales 
Stephanie  Gutierrez,  Online  Account  Manager 
Debbie  Lovell,  Online  Account  Manager 
Kristin  Baker,  Sales  Operations  Manager 
Internet:  adoucette,  jkalbach,  jmschwartz, 
sgutierrez,  dlovell,  kbaker@nww.com 
(610)  341-6025/FAX:  (610)  971-0557 


MARKETPLACE 

Response  Card  Decks/MarketPlace 

Richard  Black,  Director  of  Marketplace 
Karima  Zannotti,  Senior  Account  Manager 
Enku  Gubaie,  Senior  Account  Manager 
Amie  Gaston,  Account  Manager 
Sharon  Stearns,  Sr.  Media  Dev.  &  Operations  Mgr. 
Chris  Gibney,  Sales  Operations  Coordinator 
Internet:  rblack,  kzannott,  egubaie,  agaston, 
sstearns,  cgibney@nww.com 
(508)  460-3333/FAX:  (508)  460-1192 


IT  CAREERS 

VP/General  Manager,  Janis  Crowley,  East  Regional  Manager. 
Deanne  Holzer,  Midwest  Regional  Manager,  Laura  Wilkinson, 
Operations  Director,  Donna  Kent,  Advertising  Coordinator, 
Leilani  Lopez,  Marketing  Specialist,  HeidiTanakatsubo.  Sales 
Support, Tina  Silveira,  Sales  Support,  Nikki  Wilson  (800)  762- 
2977/FAX:  (650)  286-2770 


■  IDG 

Patrick  J.  McGovern,  jhairman  of  the  Board 

Kelly  Conlin,  CEO 

Network  World  is  a  publication  of  IDG,  the  world's  largest 
publisher  of  computer-related  information  and  the  leading 
global  provider  of  information  services  on  information  tech 
nology.  IDG  publishes  over  275  computer  publications  in  75 
countries.  Ninety  million  people  read  one  or  more  IDG  publi 
cations  each  month.  Network  World  contributes  to  the  IDG 
News  Service,  offering  the  latest  on  domestic  and  interna 
tional  computer  news. 


To  apply  for  a  free  subscription,  complete  and  sign  the  qualifi¬ 
cation  card  in  this  issue  or  write  Network  World  at  the  address 
below.  No  subscriptions  accepted  without  complete  identifica 
tion  of  subscriber's  name,  job  function,  company  or  organiza 
tion.  Based  on  the  information  supplied,  the  publisher  reserves 
the  right  to  reject  non-qualified  requests.  Subscriptions:  1  508 
490-6444. 

Nonqualified  subscribers:  $5.00  a  copy:  U.S.  $129  a  year 
(except  Washington.  DC, $136.74);  Canada  $160.50  (including 
7%  GST,  GST#126659952);  Central  4  South  America  $150  a 
year  (surface  mail);  Europe  ■  $205  a  year  (surface  mail),  all 
other  countries  $300  a  year  (airmail  service).  Four  weeks 
notice  is  required  for  change  of  address.  Allow  six  weeks  for 
new  subscription  service  to  begin.  Please  include  mailing  label 


POSTMASTER:  Send  Change  of  Address  to  Network  World 
P.O.  Box  3090,  Northbrook,  IL  60065. 


WBPA 

▼  IMTHWUIIOIUI.* 


Copyright  2002  by  Network  World,  Inc.  All  rights  reserved. 
Reproduction  of  material  appearing  in  Network  World  is  for¬ 
bidden  without  written  permission. 

Reprints  (minimum  500  copies)  and  permission  to  reprint  may 
be  purchased  from  Reprint  Management  Services  at  (717)  399 
1900  x124  or  rtry@rmsreprints.com. 

USPS735-730 


lUntllinH/lMnrlH  Ne,work  World  Seminars  and  Events 

IlilWUI KVVU  U  . . .  ill,  "Vn'.i.t- -.f'-i.'i.i". 

- : -  n  cities  nationwide  covering  the  latest 

seminars  W  BVBntS  networking  technologies  All  of  our  sem 
inars  are  also  available  for  customized 
on-site  training.  For  complete  and  immediate  information  on 
our  current  seminar  offerings,  call  a  seminar  representative  at 
8006434668.  or  go  to  www.nwfusion.com/  seminars. 


Publicize  your  press  coverage  in  Network 
World  by  ordering  reprints  of  your  editorial 
mentions.  Reprints  make  great  marketing 
materials  and  are  available  in  quantities  of 
500  and  up.  To  order,  contact  Reprint 
Management  Services  at  (717)  399-1900  x124 
or  E-mail:  rtry@rmsreprints.com 


BackSpin  Mark  Gibbs 


^wofVWorldj 


9/2/02 


www.nwfusion.com 


Losing?  The  war  has  been  lost! 


“You  are  receiving  this  e-mail  as  a 
valued  customer  of  Pier  l  Imports . . . 
We  want  you  to  be  the  first  to  know 
about  upcoming  events  and  savings, 
and  we  think  e-mail  is  the  best  way 
to  do  that.  May  we  add  you  to  our 
e-mail  list?  If  it's  OK, you  need  do  nothing  — your 
name  will  be  added  automatically" 

—  Spam  masquerading  as  Customer  Service  from 
Pier  1  Imports,  received  Aug.  27 

As  regular  readers  of  this  column  know,  I  find  spam 
extremely  irritating.  Using  spam  as  a  marketing  tool  is 
like  using  dynamite  for  fishing:  It  is  ugly,  always  deliv¬ 
ers  overkill  and  damages  the  environment. 

Unfortunately, spam  is  becoming  an  accepted  way 
of  doing  business.  Once  only  the  province  of  people 
selling  cell  phone  antennas, Viagra  and  penis  en¬ 
largement,  spam  has  become  acceptable,  sadly  to 
serious  commercial  entities. 

After  1  got  the  above  message,  I  called  Pier  1  and 
spoke  to  Steve  Woodward, senior  manager  of 
Internet  operations. 

Steve,  a  charming  fellow,  explained  that  Pier  1 
hadn’t  just  bought  a  list  and  spammed.  Nope,  what  it 
did  was  take  a  list  of  Pier  1  customer  accounts  and 
had  a  bureau  cross-reference  it  to  e-mail  addresses. 
Steve  said  the  bureau  claimed  the  list  was  an“opt-in 


only”  list. 

Now  it's  true  that  my  wife  and  I  had  an  account 
with  Pier  1  —  about  five  years  ago.  And  if  the  bureau 
wasn’t  lying  outright  about  the  list  being  opt-in,  it  was 
at  least  guilty  of  lousy  data  hygiene  and  sourcing. 

The  fine  issues  of  misuse  of  data  might  be  signifi¬ 
cant  here.  When  my  wife  and  I  signed  up  for  an 
account  with  Pier  l,we  didn’t  give  them  permission 
to  research  the  rest  of  our  lives. 

“But  it’s  only  your  e-mail  address  they  went  look¬ 
ing  for,”  some  might  say  Well,  responsible  compa¬ 
nies  have  privacy  policies  that  cover  how  they  will 
use  your  data,  and  I  have  yet  to  see  one  that  says, 
“We  will  use  your  data  no  matter  how  ancient  to 
target  you  for  any  old  marketing  campaign.” 

Steve  told  me  that,  contrary  to  my  expectation,  a 
similar  spamarketing  campaign  of  130,000  e-mailings 
generated  something  like  two  complaints. 

So  the  bottom  line  is  this:  Ladies  and  gentlemen,  I’d 
like  to  officially  announce  that  the  war  on  spam  has 
been  lost. 

Forget  how  much  you  and  your  peers  loathe 
spam;  forget  the  financial  burden  on  your  organiza¬ 
tions  for  bandwidth,  storage  and  manpower  to  han¬ 
dle  spam;  forget  the  black  hole  lists  and  open  relay 
lists.  Forget  it  all. 

If  commercial  giants  find  it  acceptable,  and  con¬ 
sumers  don’t  seem  to  mind,  then  spam  is  here  to 


stay  and  we’d  better  just  get  used  to  it. 

How  did  this  happen?  How  did  real  business 
adopt  the  tactics  of  the  fly-by-night  salesmen?  I 
think  the  line  between  spam  and  nonspam  got 
blurred  when  real  marketers  saw  what  the  punks 
were  doing. 

A  few  of  them,  the  risk-takers,  developed  more 
sophisticated  pitches  that  looked  like  targeted  mes¬ 
sages  and  purchased  opt-in  lists, and  then  didn’t  get 
pilloried  when  they  ran  their  campaigns. 

The  first  few  commercial  renegades  set  the  scene, 
and,  seeing  their  success,  the  rest  of  the  suits  joined 
in.  And  how  could  they  not?  There  was  no  conse¬ 
quence  of  any  note,  there  was  no  shaming  in  the 
press,  and  nobody  got  fired. 

So  here  we  are.  Pier  1 ,  an  otherwise  responsible 
company  is  spamming  with  the  best  of  them.  And  no 
one  cares. 

The  Pier  1  message  went  on:“If  you’d  prefer  not  to 
receive  emails,  just  click  the  link  at  the  bottom  of  this 
message  by  Aug.  30, 2002.  We’ll  delete  your  name 
from  our  list  immediately  Of  course  once  your  name 
is  added, you  may  remove  it  at  any  time.  But  we’re 
betting  you  won’t  want  to.” 

They’re  betting  I  won’t  want  to  or  perhaps  that  I’m 
just  too  damn  weary  to  care.C’est  la  guerre. 

Commiserations  to  backspin@gibbs.com. 


uzz  News,  insights,  opinions  and  oddities 


By  John  Fontana 

Throwing  curves 

While  the  real  Buzz  is  off  contemplating  how  last 
week's  narrowly  adverted  baseball  strike  will 
inevitably  come  back  to  bite  Joe  Fan’s  pocketbook, 
Surrogate  Buzz  is  taking  this  space  for  another  test 
drive  and  wondering  how  the  baseball  quagmire  is 
similar  to  the  software  licensing  changes  instituted 
30  days  ago  by  Microsoft. 

In  the  baseball  situation,  fans  knew  that  whatever  happened  they  would  pay.  A 
strike,  and  baseball  would  have  packed  up  and  gone  home,  leaving  fans  in  the  lurch. 
An  agreement,  and  fans  eventually  pay  more  to  see  the  sport  they  have  come  to  rely 
on  for  summer  drama.  But  the  product,  watered  down  after  years  of  expansion  and 
skyrocketing  salaries,  is  routinely  nowhere  near  the  quality  that  fans  expect. 

Any  familiar  chords  here? 

Microsoft's  new  licensing  program,  dubbed  Licensing  6.0,  snares  users  whether 
they  choose  to  sign  up  or  whether  they  shun  it.  Those  that  sign  up  can  see  soft¬ 
ware  costs  jump  as  much  as  100%,  according  to  some  users  and  surveys.  And 
those  that  shun  the  program  will  be  hit  with  penalties  when  they  do  decide  to 
upgrade. 

And  users  suffer  the  indignity  of  paying  more  for  products  that  seem  to  have 
security  leaks  at  every  turn.  Nearly  a  dozen  serious  flaws  have  been  discovered 
over  the  past  month  in  products  such  as  Windows  2000,  SOL  Server,  Office  and 
Internet  Explorer.  Have  you  applied  your  patches  today  and  mailed  your  licensing 

payment? 

Just  like  baseball,  no  matter  what  happens,  a  percentage  of  Microsoft  users  will 
stay  the  course  and  take  their  lumps. 


But  the  rules  of  licensing  game  are  getting  so  screwy  that  serious  decisions  to 
move  to  alternatives  have  to  be  made. 

With  Licensing  6.0  and  its  maintenance  sidekick,  Software  Assurance,  companies 
sign  two-  or  three-year  agreements  that  provide  access  to  software  upgrades.  But 
here's  one  interesting  rub.  If  products  aren’t  upgraded  during  that  cycle,  users  have 
paid  for  software  they  never  received. 

Look  at  Windows. Net  Server,  delayed  a  year  and  set  to  ship  nearly  three  years 
after  Windows  2000.  And  next-generation  Exchange  Server  was  delayed  at  least  two 
years  in  favor  of  an  “interim"  release  that  amounts  to  a  fancy  service  pack. 

Get  the  picture? 

It's  a  scenario  that  eventually  might  alter  Microsoft’s  familiar  marketing  refrain: 

“We  won't  ship  software  until  our  customers  tell  us  it  is  ready."  What  we  might  see  is 
something  like:  "Here’s  what  we  have  now  and  stay  tuned  for  the  service  pack." 

The  alternatives  are  out  there,  but  they  require  some  tough  decisions.  Many  users 
are  testing  StarOffice  as  an  alternative  to  Microsoft  Office.  Not  every  user  needs  the 
full-blown  Office  suite,  so  it  becomes  a  logical  place  to  reduce  license  obligations. 

Another  is  in  the  Linux  realm  where  trusted  network  companies  such  as  Sun, 
Hewlett-Packard  and  IBM  are  pressing  hard  with  competent  products  to  win  con¬ 
verts  from  Windows. 

And  there  is  always  the  art  of  the  negotiation.  Insiders  say  Microsoft  cut  some 
sweet  deals  with  those  willing  to  stand  up  to  Licensing  6.0.  And  company  CEO 
Steve  Ballmer  said  in  July  that  Microsoft  would  work  with  customers  to  make  sure 
they  received  fair  deals. 

That's  a  telegraphed  pitch  for  any  enterprise  home  run  hitter.  So  corporate  execu¬ 
tives  should  do  what  Major  League  Baseball  might  not:  Play  ball! 

The  real  Buzz  is  a  lock  to  return  next  week  and  for  many  weeks  to  come.  Fontana 
can  be  reached  at  jfontana@nww.com. 
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Dell  server  consolidation. 

Saves  money. 

Saves  space. 

Spells  doom  for  your  old  servers. 
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Dell  |  Enterprise 


Dell  PowerEdge'  Servers  use  Intel*  Xeon’  Processors. 


Consolidate  with  Dell  and  you'll  need  to  find  a  new  use  for  your  old  servers. 

What  kind  of  server  consolidation  solutions  does  Dell  bring  to  your  enterprise?  Just  what  you'd  expect:  A  legendary  focus  on  you, 
the  customer,  that's  as  relentless  as  our  focus  on  driving  down  costs.  An  end-to-end  solution  that  saves  you  money  today  and 
tomorrow  by  delivering: 

«  Maximum  flexibility,  manageability,  value  and  price/performance.  Our  new  line  of  PowerEdge” servers,  powered 
by  Intel®  Xeon®  processors,  that  consistently  rank  at  the  top  of  industry  benchmarks  such  as  TPC*  Collectively  lowering 
TCO  and  accelerating  time  to  ROI. 

«  Optimized  uptime/maximized  investment.  Dell's  new  systems  management  solutions  deploy  software,  tools 
and  services  which  simplify  and  automate  server  systems  administration.  Leveraging  your  IT  resources  and 
maximizing  your  IT  dollar. 

«  Server  consolidation  services.  Our  comprehensive  portfolio  includes  consolidation  readiness  assessment,  consolidation 
design  and  transformation,  customer  training  and  certification,  deployment  and  high  availability  support  services. 

®  Flexible  financing  alternatives.  Dell  gives  you  a  variety  of  financing  avenues  designed  to  help  you  optimize  ROI. 


For  nearly  20  years,  we've  revolutionized  the  way  the  world  buys  and  manages  technology.  Now  find  out  how 
»»»  Dell's  direct  approach  can  revolutionize  your  server  consolidation.  To  learn  more  about  the  Dell  ROI  test,  visit 

www.dell.com/serverROI  or  call  us  toll-free  at  1-877-434-DELL. 


Flexible  solutions  that  can  cut  costs  today  and  tomorrow.  Easy  as 


I  " 


Call  1-877-434-DELL  or  visit  www.dell.coni/serverROi 


‘Per  TPC-W  100.000  Item  Count  Results  Test.  June  ZOO?.  For  more  information,  visit  wwwtpc.org.  TPC  and  TPC-W  are  trademarks  of  the  Transaction  Processing  Performance  Council.  Intel,  the  Intel  logo  and  Xeon  are  trademarks «  registered  trademarks  of  Intel  Ccrpo'anori  or  ns  ji  srdiai les  m 
the  United  Stales  and  other  countries  Dell,  the  Dell  logo  and  PowerEdge  are  registered  trademarks  of  the  Dell  Computer  Corporation.  ®2002  Dell  Computer  Corporation  All  rights  reserved. 


■  Cost-effective  access 
routing  for  branch  office 
connectivity  and 
Internet  access 

■  Recognizable  Command 
Line  Interface  (CLI) 

■  No  retraining  or 
costly  certification 

■  Built-in  stateful 
inspection  firewall 

■  Interoperable  with  other 
standards-based  routers 

■  Optional  PBX  connectivity 

■  Optional  dial 
backup  system 

■  Built-in  DSU/CSU  for 
WAN  termination 


This  powerful  new  access  router  from  ADTRAN  is  everything  you 
need  in  a  router,  and  then  some,  at  a  cost  that's  up  to  55  percent 
less  than  other  brand  name  routers.  This  high-quality,  low-cost 
alternative  features  a  stateful  inspection  firewall,  a  DSU/CSU,  and  a 
familiar  CLI.  Comprehensive  dial  backup  and  PBX  connectivity  are 
available  at  a  minimal  cost.  Interoperable  with  other  standards-based 
routers,  the  NetVanta  3000  series  fits  seamlessly  into  your  existing 
network.  Backed  by  unlimited  telephone  support  and  a  5-year 
warranty,  the  NetVanta  3000  series  is  clearly  the  intelligent  choice. 

New  vendor  to  routing?  No  way!  ADTRAN  has  incorporated  its 
router  technology  into  selected  WAN  connectivity  products  for  the 
past  five  years;  with  more  than  75,000  now  installed  in  networks 
around  the  world.  The  NetVanta  3000  series  is ’the  latest  in  a  long 
line  of  market-leading  internetworking  and  connectivity  solutions, 
from  a  company  with  a  17-year  history  of  customer  satisfaction. 


■  Free  24x7  telephone 
technical  support 

■  Optional  extended 
installation  and 
maintenance  program 


Dare  to  compare  the  new  NetVanta  3000  series! 

www.  dare2compare.  adtran.com 

877.212.0327  Technical  Questions 
877.280.8416  Where  to  Buy 


Experts  choose  ADTRANT  Adirati 
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